Vulnerability Description
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Langchain | Langchain-Openai | < 1.1.14 |
Related Weaknesses (CWE)
References
- https://github.com/langchain-ai/langchain/security/advisories/GHSA-r7w7-9xr2-qq2MitigationVendor Advisory
FAQ
What is CVE-2026-41488?
CVE-2026-41488 is a vulnerability with a CVSS score of 3.1 (LOW). LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) val...
How severe is CVE-2026-41488?
CVE-2026-41488 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41488?
Check the references section above for vendor advisories and patch information. Affected products include: Langchain Langchain-Openai.