GHSA-926x-3r5x-gfhw: LangChain has incomplete f-string validation in prompt templates
Summary
LangChain had incomplete validation of f-string templates (a Python feature for inserting variables into text) in some prompt template classes. Attackers who could control the template structure could use attribute access (like `object.field`) or indexing (like `array[0]`) to expose internal data from Python objects being formatted. This issue only affected applications that allow untrusted users to write templates, not those using hardcoded templates or only letting users provide variable values.
Solution / Mitigation
LangChain now applies consistent f-string safety validation across all prompt template classes. The fix rejects templates containing attribute access or indexing syntax (such as `.` or `[]`) and rejects nested replacement fields inside format specifiers (templates with `{` or `}` in the format specification part). This blocks malicious patterns while preserving normal f-string formatting features.
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-926x-3r5x-gfhw
First tracked: April 8, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%