GHSA-fw9q-39r9-c252: LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`
Summary
The LangSmith JavaScript SDK contains a prototype pollution vulnerability (a class of attack in which an attacker modifies the base object that all JavaScript objects inherit from) in its internal lodash `set()` function. The vulnerability exists because the code only blocks the `__proto__` key, so an attacker can bypass this protection by using `constructor.prototype` instead; if an attacker controls data processed by the `createAnonymizer()` API, this can affect every object in the Node.js application.
Solution / Mitigation
Fixed in version 0.5.18. Users should update their `langsmith` package to 0.5.18 or later.
Vulnerability Details
EPSS: 0.0%
April 10, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-fw9q-39r9-c252
First tracked: April 10, 2026 at 08:00 PM