Skip to main content

LangSmith SDK EUVDEUVD-2026-41879

| CVE-2026-59152 MEDIUM
Path Traversal (CWE-22)
2026-07-06 GitHub_M
5.0
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.0 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
vuln.today AI
7.7 HIGH

Arbitrary server file read warrants C:H - practical targets include SSH keys, .env secrets, and TLS certs despite the PR:L workspace access gate.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
Jul 06, 2026 - 17:01 EUVD
Analysis Generated
Jul 06, 2026 - 16:53 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 pypi packages depend on langsmith (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.8.18.

DescriptionCVE.org

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary. This vulnerability is fixed in 0.8.18.

AnalysisAI

Path traversal in LangSmith Client SDK's TracingMiddleware (versions prior to 0.8.18) enables a trust-boundary crossing where any party with LangSmith workspace trace-read access can exfiltrate arbitrary files from servers running the middleware. An attacker sends a crafted HTTP request to a TracingMiddleware-instrumented server, causing it to read a local filesystem path and upload the contents to LangSmith as a trace attachment, which the attacker then retrieves via their workspace access. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain LangSmith workspace trace-read access
Delivery
Send crafted HTTP request with path traversal to TracingMiddleware server
Exploit
Server reads arbitrary local file via unsanitized path
Execution
File contents uploaded to LangSmith as trace attachment
Impact
Attacker retrieves file from workspace traces

Vulnerability AssessmentAI

Exploitation The target server must be running LangSmith SDK prior to 0.8.18 with TracingMiddleware active and processing incoming HTTP requests. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 5.0 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N) understates real-world impact for many deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A contractor with LangSmith workspace read access sends a crafted HTTP request to an internal microservice running TracingMiddleware, embedding a path traversal sequence targeting /run/secrets/db-password or /app/.env in a middleware-parsed field. The server reads the file and uploads its contents to LangSmith as a trace attachment. …
Remediation Upgrade to LangSmith SDK version 0.8.18 or later, which resolves the path traversal per the vendor-released fix confirmed in GitHub Security Advisory GHSA-f4xh-w4cj-qxq8 (https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-f4xh-w4cj-qxq8). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41879 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy