{"data":{"id":"63f6c3cb-dd25-48d8-b025-5ae867be432d","title":"GHSA-r7w7-9xr2-qq2r: langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding","summary":"A vulnerability in `langchain-openai` (a library for connecting to OpenAI's API) allowed attackers to bypass SSRF protection (server-side request forgery, where an attacker tricks a server into making requests it shouldn't) through DNS rebinding (changing what a domain name points to between two lookups). The flaw was in the image token counting feature, which validated URLs in one step and then fetched them in another, giving attackers a window to redirect requests to private networks. The actual risk is limited because stolen data cannot be extracted, though attackers could probe whether internal services exist.","solution":"Upgrade to `langchain-openai` version 1.1.14 or later (which requires `langchain-core` >= 1.2.31). The fix replaces the separate validation and fetch steps with an SSRF-safe httpx transport that resolves DNS once, validates all returned IPs against private/internal ranges in a single operation, pins the connection to the validated IP, and disables redirect following.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-r7w7-9xr2-qq2r","publishedAt":"2026-04-16T23:00:12.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"low","severity":"low","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["langchain-openai@< 1.1.14 (fixed: 1.1.14)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["langchain-openai","langchain-core"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-04-16T23:00:12.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}