langchain==1.2.8
Summary
LangChain released version 1.2.8, which includes several updates and fixes such as reusing ToolStrategy in the agent factory to prevent name mismatches, upgrading urllib3 (a library for making web requests), and adding ToolCallRequest to middleware exports (the code that processes requests between different parts of an application).
Solution / Mitigation
Update to langchain==1.2.8, which includes the fix: 'reuse ToolStrategy in agent factory to prevent name mismatch' and 'upgrade urllib3 to 2.6.3'.
Classification
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://github.com/langchain-ai/langchain/releases/tag/langchain%3D%3D1.2.8
First tracked: February 14, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 75%