CVE-2023-34541: Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
Summary
Langchain version 0.0.171 has a vulnerability that allows arbitrary code execution (running uncontrolled commands on a system) through its load_prompt function. The vulnerability was reported in June 2023, but the provided source material does not contain detailed information about how the vulnerability works or its severity rating.
Vulnerability Details
9.8(critical)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-34541
First tracked: February 15, 2026 at 08:34 PM
Classified by LLM (prompt v3) · confidence: 92%