CVE-2024-3095: A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langch
Summary
A Server-Side Request Forgery (SSRF) vulnerability, a flaw that lets attackers trick a server into making requests to unintended targets, exists in the Web Research Retriever component of langchain version 0.1.5, which fails to block requests to local network addresses. This allows attackers to scan ports, access local services, read cloud metadata, and potentially execute arbitrary code (run commands on a system they do not own) by exploiting internal APIs.
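A defensive check for the missing control described above, as an added example (not LangChain's code or its fix): before a retriever fetches a URL, resolve the host and refuse any address that is not publicly routable. `check_url`, `is_internal`, `resolve_all`, `SAMPLE_DNS` and `sample_resolver` are hypothetical names, and the DNS map is constructed sample data so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def resolve_all(host):
    """Default resolver: every address the name maps to (uses real DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(addr):
    """True for loopback, private, link-local and other non-public ranges."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return not ip.is_global

def check_url(url, resolver=resolve_all):
    """Return (allowed, reason) for a URL about to be fetched server-side."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)   # literal IP in the URL
        addrs = {host}
    except ValueError:
        try:
            addrs = resolver(host)   # a name: check every address it maps to
        except OSError:
            return False, "resolution failed"
    if not addrs:
        return False, "resolution failed"
    internal = sorted(a for a in addrs if is_internal(a))
    if internal:
        return False, "internal address: " + ", ".join(internal)
    return True, "ok"

# Constructed sample data standing in for DNS answers.
SAMPLE_DNS = {
    "docs.example.com": {"93.184.216.34"},
    "mixed.example.net": {"93.184.216.34", "10.0.0.5"},
}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]
```

The fetch itself should connect to the address that passed the check and re-run the check on every redirect, since a name can resolve differently between check and use.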
Vulnerability Details
7.7 (high)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-3095
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 92%