In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
"https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2026-1508.yaml"