Vulnerability Description
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to load_prompt() or load_prompt_from_config(), an attacker can read arbitrary files on the host filesystem, constrained only by file-extension checks (.txt for templates, .json/.yaml for examples). This issue has been patched in version 1.2.22.
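The missing control is a containment check on config-supplied paths, not just an extension check. The following is an added example, not LangChain's own code: a validator a loader could run over a deserialized prompt config before opening any file it references. The field names `template_path` and `examples_path`, the base directory and the sample configs are assumptions.

```python
"""Added example (not LangChain's code): reject traversal and absolute
paths in file references taken from a deserialized prompt config.
Field names, base_dir and sample configs are assumptions."""
import os

PATH_FIELDS = {
    # field in the config dict -> extensions the loader is willing to read
    "template_path": (".txt",),
    "examples_path": (".json", ".yaml"),
}


def resolve_config_path(base_dir, candidate, allowed_suffixes):
    """Return an absolute path under base_dir, or None if the reference is unsafe.

    An extension check alone (all the vulnerable versions had) does not stop
    '../../x.txt' escapes; the containment check after realpath() does.
    """
    if not isinstance(candidate, str) or not candidate:
        return None
    if os.path.isabs(candidate):                        # absolute path injection
        return None
    base = os.path.realpath(base_dir)
    resolved = os.path.realpath(os.path.join(base, candidate))  # folds '..'
    if os.path.commonpath([base, resolved]) != base:    # directory traversal
        return None
    if not resolved.lower().endswith(tuple(allowed_suffixes)):
        return None
    return resolved


def check_prompt_config(config, base_dir):
    """Validate every file reference in config; return a list of problems.

    An empty list means every referenced file resolves inside base_dir with
    an allowed extension. Only then should the loader open any of them.
    """
    problems = []
    for field, suffixes in PATH_FIELDS.items():
        if field not in config:
            continue
        if resolve_config_path(base_dir, config[field], suffixes) is None:
            problems.append(f"{field}: rejected {config[field]!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample configs; the second one escapes the prompt directory.
    good = {"template_path": "greetings/hello.txt"}
    bad = {"template_path": "../../outside/notes.txt", "examples_path": "/tmp/e.json"}
    print(check_prompt_config(good, "/srv/prompts"))   # []
    print(check_prompt_config(bad, "/srv/prompts"))    # two rejections
```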
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Langchain | Langchain | < 1.2.22 |
Related Weaknesses (CWE)
References
- Patch: https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf40961511
- Release Notes: https://github.com/langchain-ai/langchain/releases/tag/langchain-core==1.2.22
- Vendor Advisory (Exploit): https://github.com/langchain-ai/langchain/security/advisories/GHSA-qh6h-p6c9-ff5
FAQ
What is CVE-2026-34070?
CVE-2026-34070 is a vulnerability with a CVSS score of 7.5 (HIGH). LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized ...
How severe is CVE-2026-34070?
CVE-2026-34070 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34070?
Check the references section above for vendor advisories and patch information. Affected products include: Langchain Langchain.