GHSA-f4xh-w4cj-qxq8: LangSmith SDK TracingMiddleware: Arbitrary server-side file read
Summary
The LangSmith SDK's `TracingMiddleware` (a component that tracks and logs AI application activity) has a vulnerability that allows attackers to read arbitrary files from a server's local storage and upload them to LangSmith. The attack exploits two bugs: missing validation of data from tracing headers (CWE-346, a type of injection attack) and a type-checking failure that should have blocked file access (CWE-843). Once files are uploaded, anyone with read access to the LangSmith workspace can view the stolen contents.
Solution / Mitigation
Upgrade the Python SDK to version >= 0.8.18. As a temporary workaround until upgrading, do not expose `TracingMiddleware` to untrusted HTTP traffic and limit workspace trace-read access to trusted members only.
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-f4xh-w4cj-qxq8
First tracked: June 19, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 95%