PYSEC-2026-1517

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/langchain-core/PYSEC-2026-1517.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1517
Aliases
Published
2026-07-07T14:34:52.475462Z
Modified
2026-07-07T17:46:47.900377345Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
langchain-core allows unauthorized users to read arbitrary files from the host file system
Details

A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's (and by extension langchaincore.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.

References

Affected packages

PyPI / langchain-core

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.1.17
Fixed
0.1.53
Introduced
0.2.0
Fixed
0.2.43
Introduced
0.3.0
Fixed
0.3.15

Affected versions

0.*
0.1.17
0.1.18
0.1.19
0.1.20
0.1.21
0.1.22
0.1.23
0.1.24
0.1.25
0.1.26
0.1.27
0.1.28
0.1.29
0.1.30
0.1.31
0.1.32
0.1.33rc1
0.1.33
0.1.34
0.1.35
0.1.36
0.1.37
0.1.38
0.1.39
0.1.40
0.1.41
0.1.42rc1
0.1.42
0.1.43
0.1.44
0.1.45
0.1.46
0.1.47rc1
0.1.47
0.1.48
0.1.49
0.1.50
0.1.51
0.1.52
0.2.0
0.2.1
0.2.2rc1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.13
0.2.15
0.2.16
0.2.17
0.2.18
0.2.19
0.2.20
0.2.21
0.2.22
0.2.23
0.2.24
0.2.25
0.2.26
0.2.27
0.2.28
0.2.29rc1
0.2.29
0.2.30
0.2.31
0.2.32
0.2.33
0.2.34
0.2.35
0.2.36
0.2.37
0.2.38
0.2.39
0.2.40
0.2.41
0.2.42
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/langchain-core/PYSEC-2026-1517.yaml"