GHSA-pjwx-r37v-7724: LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
Summary
Older LangChain code paths pass untrusted structured input (for example, JSON received from a client) through the serialization loader with an overly broad allowlist of revivable classes. An attacker who controls that input can embed a specially crafted serialized LangChain object, and the loader revives it by instantiating the named class with attacker-controlled constructor arguments. Only applications that accept untrusted structured input, do not validate it before it reaches the affected code, and use one of the affected APIs (such as `RunnableWithMessageHistory` or `astream_log()`) are exposed.
Solution / Mitigation
LangChain will deprecate the affected APIs (`RunnableWithMessageHistory`, `astream_log()`, and `astream_events(version="v1")`) and recommends migrating to the newer streaming and memory patterns, such as the `stream` API. In addition, LangChain will tighten the deserialization behavior of `load()` and `loads()` so that broad object revival is no longer applied implicitly to untrusted input. Until an application has migrated, it should validate untrusted structured input (for example, reject any payload containing serialized-object markers) before handing it to these APIs.
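The following is an added example, not LangChain's own code, that models the behaviour the summary and mitigation describe: a reviver that accepts any registered class under an allowed namespace prefix (the overly broad allowlist) beside one restricted to an exact allowlist of side-effect-free classes, plus the pre-validation step an application can apply to untrusted chat history before it reaches any loader. The serialized shape `{"lc": 1, "type": "constructor", "id": [...], "kwargs": {...}}` mirrors the LangChain serialization format; the classes, registry, allowlists and sample payloads are hypothetical and constructed so the script runs without langchain installed.

```python
"""Toy model of a broad versus a strict object reviver (added example, not LangChain code)."""
import json
from dataclasses import dataclass, field


@dataclass
class HumanMessage:
    content: str


@dataclass
class ShellTool:
    """Hypothetical class whose constructor has a side effect (modelled as a flag only)."""
    command: str
    executed: bool = field(init=False, default=False)

    def __post_init__(self):
        self.executed = True  # stands in for "constructing this object ran the command"


# Hypothetical registry keyed by the serialized "id" path.
REGISTRY = {
    ("langchain", "schema", "messages", "HumanMessage"): HumanMessage,
    ("langchain", "tools", "ShellTool"): ShellTool,
}


def _is_constructor(obj) -> bool:
    return isinstance(obj, dict) and obj.get("lc") == 1 and obj.get("type") == "constructor"


def revive_broad(obj, allowed_namespaces=("langchain",)):
    """Vulnerable pattern: any registered class under an allowed namespace prefix is revived."""
    if _is_constructor(obj):
        path = tuple(obj["id"])
        if path[0] not in allowed_namespaces:
            raise ValueError(f"namespace not allowed: {path[0]}")
        cls = REGISTRY.get(path)
        if cls is None:
            raise ValueError(f"unknown class: {path}")
        kwargs = {k: revive_broad(v, allowed_namespaces) for k, v in obj.get("kwargs", {}).items()}
        return cls(**kwargs)  # attacker-controlled arguments reach the constructor
    if isinstance(obj, dict):
        return {k: revive_broad(v, allowed_namespaces) for k, v in obj.items()}
    if isinstance(obj, list):
        return [revive_broad(v, allowed_namespaces) for v in obj]
    return obj


SAFE_CLASSES = frozenset({("langchain", "schema", "messages", "HumanMessage")})


def revive_strict(obj, allowed_classes=SAFE_CLASSES):
    """Hardened pattern: only an exact allowlist of plain data classes is revived."""
    if _is_constructor(obj):
        path = tuple(obj["id"])
        if path not in allowed_classes:
            raise ValueError(f"class not allowed: {path}")
        kwargs = {k: revive_strict(v, allowed_classes) for k, v in obj.get("kwargs", {}).items()}
        return REGISTRY[path](**kwargs)
    if isinstance(obj, dict):
        return {k: revive_strict(v, allowed_classes) for k, v in obj.items()}
    if isinstance(obj, list):
        return [revive_strict(v, allowed_classes) for v in obj]
    return obj


def contains_serialized_object(obj) -> bool:
    """Pre-validation: True if any nested dict carries the "lc" serialization marker.
    Untrusted chat history that trips this should be rejected before it reaches a loader."""
    if isinstance(obj, dict):
        return "lc" in obj or any(contains_serialized_object(v) for v in obj.values())
    if isinstance(obj, list):
        return any(contains_serialized_object(v) for v in obj)
    return False


# Constructed sample inputs: a benign message, an attacker-supplied constructor, plain history.
BENIGN_JSON = json.dumps({"lc": 1, "type": "constructor",
                          "id": ["langchain", "schema", "messages", "HumanMessage"],
                          "kwargs": {"content": "hello"}})
ATTACKER_JSON = json.dumps({"lc": 1, "type": "constructor",
                            "id": ["langchain", "tools", "ShellTool"],
                            "kwargs": {"command": "id"}})
PLAIN_HISTORY = [{"role": "user", "content": "hello"}]


def demo():
    """Run both revivers and the validator over the constructed inputs."""
    attacker = json.loads(ATTACKER_JSON)
    broad = revive_broad(attacker)  # the broad allowlist instantiates ShellTool
    try:
        revive_strict(attacker)
        strict_blocked = False
    except ValueError:
        strict_blocked = True
    return {
        "broad_type": type(broad).__name__,
        "broad_side_effect": getattr(broad, "executed", False),
        "strict_blocked": strict_blocked,
        "benign_content": revive_strict(json.loads(BENIGN_JSON)).content,
        "attacker_flagged": contains_serialized_object(attacker),
        "plain_flagged": contains_serialized_object(PLAIN_HISTORY),
    }


if __name__ == "__main__":
    print(demo())
```

The namespace-prefix check in `revive_broad` is the overly broad allowlist: everything under `langchain` is revivable, so the only thing separating a message from a tool with side effects is which `id` the client chose to send. `revive_strict` makes the set of revivable classes explicit, and `contains_serialized_object` is the cheaper defence for code that has not migrated yet: untrusted chat history has no business carrying serialization markers at all.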
Vulnerability Details
EPSS: 0.0%
May 8, 2026
Original source: https://github.com/advisories/GHSA-pjwx-r37v-7724
First tracked: May 8, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%