CVE-2026-44843
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load() with allowed_objects="all". This does not enable arbitrary Python object deserialization, but it does allow any trusted LangChain-serializable object to be revived, which is broader than these runtime paths require. As a result, attacker-supplied LangChain serialized constructor dictionaries may cause trusted runtime paths to instantiate classes with untrusted constructor arguments. This vulnerability is fixed in 0.3.85 and 1.3.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| langchain-core (PyPI) | >= 1.0.0, < 1.3.3 | 1.3.3 |
| langchain-core (PyPI) | < 0.3.85 | 0.3.85 |
Affected products
- (no CPE), range: <= 0.3.84
- cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*, range: < 0.3.85

OSV coordinates (19 package versions), with the affected range recorded for each:

| Package | Affected range |
|---|---|
| pkg:apk/chainguard/py3.10-langchain | < 1.3.4-r0 |
| pkg:apk/chainguard/py3.10-langchain-core | < 1.4.0-r0 |
| pkg:apk/chainguard/py3.11-langchain | < 1.3.4-r0 |
| pkg:apk/chainguard/py3.11-langchain-core | < 1.4.0-r0 |
| pkg:apk/chainguard/py3.12-langchain | < 1.3.4-r0 |
| pkg:apk/chainguard/py3.12-langchain-core | < 1.4.0-r0 |
| pkg:apk/chainguard/py3.13-langchain | < 1.3.4-r0 |
| pkg:apk/chainguard/py3.13-langchain-core | < 1.4.0-r0 |
| pkg:apk/chainguard/py3-langchain | < 1.3.4-r0 |
| pkg:apk/wolfi/py3.10-langchain | < 1.3.4-r0 |
| pkg:apk/wolfi/py3.10-langchain-core | < 1.4.0-r0 |
| pkg:apk/wolfi/py3.11-langchain | < 1.3.4-r0 |
| pkg:apk/wolfi/py3.11-langchain-core | < 1.4.0-r0 |
| pkg:apk/wolfi/py3.12-langchain | < 1.3.4-r0 |
| pkg:apk/wolfi/py3.12-langchain-core | < 1.4.0-r0 |
| pkg:apk/wolfi/py3.13-langchain | < 1.3.4-r0 |
| pkg:apk/wolfi/py3.13-langchain-core | < 1.4.0-r0 |
| pkg:apk/wolfi/py3-langchain | < 1.3.4-r0 |
| pkg:pypi/langchain-core | >= 1.0.0, < 1.3.3 |
References
- github.com/advisories/GHSA-pjwx-r37v-7724 (GHSA advisory)
- github.com/langchain-ai/langchain/security/advisories/GHSA-pjwx-r37v-7724 (vendor advisory, mitigation)
- nvd.nist.gov/vuln/detail/CVE-2026-44843 (NVD entry)
News mentions
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More (The Hacker News, May 11, 2026)