PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-58340 LangChain AI CVE debrief

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method. The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition. This vulnerability can be mitigated by updating LangChain to a version that fixes the vulnerability, implementing input validation and sanitization, and monitoring for suspicious activity.

Vendor
LangChain AI
Product
LangChain
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-12
Original CVE updated
2026-07-14
Advisory published
2026-01-12
Advisory updated
2026-07-14

Who should care

Users of LangChain versions up to and including 0.3.1 should be aware of this vulnerability and take steps to mitigate it. This includes developers and administrators who use LangChain in their applications or infrastructure, as well as security teams and vulnerability management teams who need to assess and prioritize this vulnerability.

Technical summary

The MRKLOutputParser.parse() method in LangChain versions up to and including 0.3.1 is vulnerable to a regular expression denial-of-service (ReDoS) attack. The method uses a backtracking-prone regular expression to extract tool actions from model output, which can lead to excessive CPU consumption and parsing delays when a crafted payload is provided. This vulnerability can be triggered by an attacker who can supply or influence the parsed text, such as through prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse().

Defensive priority

High

Recommended defensive actions

  • Update LangChain to a version that fixes the vulnerability
  • Implement input validation and sanitization for the MRKLOutputParser.parse() method
  • Monitor for suspicious activity and excessive CPU consumption
  • Consider using a more efficient regular expression or alternative parsing method
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-01-12T23:15:51.780Z and was last modified on 2026-07-14T23:17:18.157Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus. Further verification is recommended to ensure accuracy.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-12T23:15:51.780Z and has not been modified since then. The NVD entry is currently Analyzed.