CVE-2023-39631: An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function
Summary
CVE-2023-39631 is a code injection vulnerability (a flaw where an attacker can insert malicious code into a program) in Langchain version 0.0.245 that allows a remote attacker to execute arbitrary code through the evaluate function in the numexpr library (a Python tool for fast numerical expression evaluation). The vulnerability has a CVSS severity score of 4.0, indicating low to moderate risk.
Vulnerability Details
9.8 (critical)
EPSS: 3.3%
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-39631
First tracked: February 15, 2026 at 08:35 PM