CVE-2026-40087
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
langchain-corePyPI | < 0.3.84 | 0.3.84 |
langchain-corePyPI | >= 1.0.0a1, < 1.2.28 | 1.2.28 |
Affected products
14- osv-coords13 versionspkg:apk/chainguard/open-webuipkg:apk/chainguard/py3.10-langchainpkg:apk/chainguard/py3.11-langchainpkg:apk/chainguard/py3.12-langchainpkg:apk/chainguard/py3.13-langchainpkg:apk/chainguard/py3-langchainpkg:apk/wolfi/open-webuipkg:apk/wolfi/py3.10-langchainpkg:apk/wolfi/py3.11-langchainpkg:apk/wolfi/py3.12-langchainpkg:apk/wolfi/py3.13-langchainpkg:apk/wolfi/py3-langchainpkg:pypi/langchain-core
< 0.8.12-r3+ 12 more
- (no CPE)range: < 0.8.12-r3
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 0.8.12-r3
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 0.3.84
Patches
Vulnerability mechanics
References
9- github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27bnvdPatchWEB
- github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258nvdPatchWEB
- github.com/langchain-ai/langchain/pull/36612nvdIssue TrackingPatchWEB
- github.com/langchain-ai/langchain/pull/36613nvdIssue TrackingPatchWEB
- github.com/advisories/GHSA-926x-3r5x-gfhwghsaADVISORY
- github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhwnvdMitigationVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-40087ghsaADVISORY
- github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84nvdProductRelease NotesWEB
- github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28nvdProductRelease NotesWEB
News mentions
0No linked articles in our index yet.