Main Vulnerability Database SB2026040979

SB2026040979 - Improper input validation in LangChain

Published: April 9, 2026

Security Bulletin ID SB2026040979

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper input validation in DictPromptTemplate and ImagePromptTemplate when processing untrusted f-string template strings during formatting. A remote attacker can supply a specially crafted template containing attribute access or indexing expressions to disclose sensitive information.

Only applications that accept untrusted template strings are affected, and practical impact depends on richer Python objects being passed into template formatting.

Remediation

Install update from vendor's website.

References

https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw