Skip to main content

Langchain Community CVE-2026-27795

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-02-25 security-advisories@github.com GHSA-mphv-75cg-56wg
4.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.1 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Red Hat
6.5 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 25, 2026 - 18:23 nvd
MEDIUM 4.1

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 50 npm packages depend on @langchain/community (2 direct, 48 indirect)

Ecosystem-wide dependent count for version 1.1.18.

DescriptionGitHub Advisory

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to @langchain/community 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating Location targets before following them. In this version, automatic redirects are disabled (redirect: "manual"), each 3xx Location is resolved and validated with validateSafeUrl() before the next request, and a maximum redirect limit prevents infinite loops.

AnalysisAI

LangChain's RecursiveUrlLoader in @langchain/community versions prior to 1.1.18 fails to validate redirect targets, allowing authenticated attackers to bypass SSRF protections by redirecting from whitelisted URLs to internal or metadata endpoints. An attacker with user credentials can exploit this to access sensitive internal resources or cloud metadata services through automatic redirect following. Affected applications should upgrade to version 1.1.18, which disables automatic redirects and re-validates each redirect destination.

Technical ContextAI

This vulnerability (CWE-918: Server-Side Request Forgery (SSRF)) affects LangChain is a framework for building LLM-powered applications.. LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Use

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Vendor StatusVendor

Share

CVE-2026-27795 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy