{"data":{"id":"05558de1-b9da-4a50-acca-6fac6c676cee","title":"GHSA-qh6h-p6c9-ff54: LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions","summary":"LangChain Core has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories using '../' sequences or absolute paths) in legacy functions that load prompt configurations from files. When an application accepts user-influenced prompt configs and passes them to `load_prompt()` or `load_prompt_from_config()`, attackers can read arbitrary files such as secret credentials or configuration files, although reads are limited to specific file types (.txt, .json, .yaml).","solution":"Update `langchain-core` to version 1.2.22 or later. The fix adds path validation that rejects absolute paths and '..' traversal sequences by default. Users can pass `allow_dangerous_paths=True` to `load_prompt()` and `load_prompt_from_config()` if they need to load such paths from trusted inputs. Additionally, migrate away from these deprecated legacy functions to the newer `dumpd`/`dumps`/`load`/`loads` serialization APIs from `langchain_core.load`, which don't read from the filesystem and use an allowlist-based security model instead.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-qh6h-p6c9-ff54","publishedAt":"2026-03-27T19:45:00.000Z","cveId":"CVE-2026-34070","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["langchain-core@< 1.2.22 (fixed: 1.2.22)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain","langchain-core"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-27T19:45:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}