Langchain Community

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-26019 MEDIUM PATCH This Month

RecursiveUrlLoader in LangChain Community prior to 1.1.14 uses weak string-based URL validation that allows attackers to bypass the preventOutside crawling restriction by crafting domains with matching prefixes, potentially exposing the crawler to malicious or internal infrastructure endpoints. An attacker controlling a crawled webpage could inject links to cloud metadata services or private IP ranges, which the crawler would follow without validation, leading to information disclosure.

SSRF AI / ML Langchain Community Langchain Redhat

NVD GitHub

CVSS 3.1

4.1

EPSS

0.0%

CVE-2026-26019

EPSS 0% CVSS 4.1

MEDIUM PATCH This Month

RecursiveUrlLoader in LangChain Community prior to 1.1.14 uses weak string-based URL validation that allows attackers to bypass the preventOutside crawling restriction by crafting domains with matching prefixes, potentially exposing the crawler to malicious or internal infrastructure endpoints. An attacker controlling a crawled webpage could inject links to cloud metadata services or private IP ranges, which the crawler would follow without validation, leading to information disclosure.

SSRF AI / ML Langchain Community +2

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy