Medium severity5.8NVD Advisory· Published Feb 9, 2026· Updated Apr 15, 2026

CVE-2026-25528

Description

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. When using distributed tracing, the SDK parses incoming HTTP headers via RunTree.from_headers() in Python or RunTree.fromHeaders() in Typescript. The baggage header can contain replica configurations including api_url and api_key fields. Prior to the fix, these attacker-controlled values were accepted without validation. When a traced operation completes, the SDK's post() and patch() methods send run data to all configured replica URLs, including any injected by an attacker. This vulnerability is fixed in version 0.6.3 of the Python SDK and 0.4.6 of the JavaScript SDK.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
langsmithPyPI	>= 0.4.10, < 0.6.3	0.6.3
langsmithnpm	>= 0.3.41, < 0.4.6	0.4.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-v34v-rq6j-cj6pghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-25528ghsaADVISORY
github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-v34v-rq6j-cj6pnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.377
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000