CVE-2026-27795
MEDIUM
GHSA-mphv-75cg-56wg
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Lifecycle Timeline
3Description
LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to `@langchain/community` 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating `Location` targets before following them. In this version, automatic redirects are disabled (`redirect: "manual"`), each 3xx `Location` is resolved and validated with `validateSafeUrl()` before the next request, and a maximum redirect limit prevents infinite loops.
Analysis
LangChain's RecursiveUrlLoader in @langchain/community versions prior to 1.1.18 fails to validate redirect targets, allowing authenticated attackers to bypass SSRF protections by redirecting from whitelisted URLs to internal or metadata endpoints. An attacker with user credentials can exploit this to access sensitive internal resources or cloud metadata services through automatic redirect following. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running is a framework for building LLM-powered applications. and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today