Skip to main content

Langchain Ai

1 CVEs product

Monthly

CVE-2026-48776 PyPI CRITICAL PATCH GHSA Act Now

Path manipulation in the LangGraph Python SDK (langgraph-sdk) version 0.3.14 and earlier lets caller-supplied identifier values containing URL-special characters redirect an HTTP request to a different resource — or resource type — than the SDK call intended. When applications forward untrusted, unvalidated identifiers into SDK methods and rely on upstream URL-prefix authorization, an attacker can reach, modify, or delete resources outside their authorization scope. There is no public exploit identified at time of analysis and EPSS is low (0.22%), but CVSS is rated 9.1 due to high confidentiality and integrity impact.

Path Traversal Python Langchain Ai Langchain Sdk Red Hat
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Path manipulation in the LangGraph Python SDK (langgraph-sdk) version 0.3.14 and earlier lets caller-supplied identifier values containing URL-special characters redirect an HTTP request to a different resource — or resource type — than the SDK call intended. When applications forward untrusted, unvalidated identifiers into SDK methods and rely on upstream URL-prefix authorization, an attacker can reach, modify, or delete resources outside their authorization scope. There is no public exploit identified at time of analysis and EPSS is low (0.22%), but CVSS is rated 9.1 due to high confidentiality and integrity impact.

Path Traversal Python Langchain Ai +2
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy