{"data":{"id":"91cf3a90-9e28-4efc-81cf-044cf29caebf","title":"CVE-2026-55443: LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that work with file paths did not properly restrict access to files.","summary":"LangChain, a framework for building AI agents and applications powered by large language models, had a vulnerability before version 1.3.9 where several components that work with file paths did not properly restrict access to files. This meant attackers could use glob patterns (wildcards for matching multiple files), symlinks (shortcuts to files), or specially crafted paths to read files outside the intended directory, especially when an AI system processes untrusted input. The vulnerability allowed unauthorized file disclosure.","solution":"Upgrade LangChain to version 1.3.9 or later, which fixes this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-55443","publishedAt":"2026-06-22T19:17:21.537Z","cveId":"CVE-2026-55443","cweIds":["CWE-22","CWE-59"],"cvssScore":"5.1","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"local","attackComplexity":"high","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-22T19:17:21.537Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}