PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-41182 langchain-ai CVE debrief

LangSmith Client SDKs for JavaScript (prior to 0.5.19) and Python (prior to 0.7.31) fail to apply output redaction controls to streaming token events. The hideOutputs (JS) and hide_outputs (Python) settings only process inputs and outputs fields on a run object, not the events array where streaming chunks are recorded as new_token events. This causes sensitive LLM output to leak via run events even when redaction is enabled.

Vendor: langchain-ai
Product: langsmith-sdk
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-23
Original CVE updated: 2026-05-29
Advisory published: 2026-04-23
Advisory updated: 2026-05-29

Who should care

Organizations using LangSmith SDKs with output redaction enabled for privacy or compliance, particularly those processing sensitive data through streaming LLM responses

Technical summary

The LangSmith Client SDKs implement output redaction through prepareRunCreateOrUpdateInputs (JavaScript) and _hide_run_outputs (Python), which sanitize the inputs and outputs fields on run objects. However, when LLM runs use streaming, individual token chunks are emitted as new_token events appended to the events array. The redaction pipeline does not inspect or process this events array, causing each raw streaming token to be persisted to LangSmith traces regardless of redaction configuration. This represents a confidentiality failure for applications depending on output redaction to prevent storage of sensitive LLM-generated content.

Defensive priority

MEDIUM

Recommended defensive actions

  • Upgrade JavaScript SDK to version 0.5.19 or later
  • Upgrade Python SDK to version 0.7.31 or later
  • Review existing LangSmith run traces for sensitive data exposure in streaming events if redaction was previously enabled
  • Validate that output redaction settings apply to both non-streaming and streaming LLM runs after upgrade
  • Audit application configurations using hideOutputs or hide_outputs to ensure redaction is explicitly enabled
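The defect in the technical summary and the post-upgrade validation and trace-review steps above, as an added Python illustration that is not the SDK's own code: a redaction routine that only touches `outputs` beside one that also scrubs `new_token` events, plus an audit helper for stored traces. The run and event shapes (`events` entries carrying the token under `kwargs`) are assumed for the example.

```python
import copy
from typing import Any

# Constructed run payload in the shape the debrief describes (assumed shape,
# not copied from the SDK): redaction covers "outputs", while streaming
# chunks are recorded under "events" as new_token entries.
SAMPLE_RUN: dict[str, Any] = {
    "id": "run-example-1",
    "run_type": "llm",
    "inputs": {"prompt": "Summarise the patient's record"},
    "outputs": {"text": "Patient SSN 123-45-6789 has ..."},
    "events": [
        {"name": "start", "time": "2026-04-23T00:00:00Z"},
        {"name": "new_token", "time": "2026-04-23T00:00:01Z",
         "kwargs": {"token": "Patient "}},
        {"name": "new_token", "time": "2026-04-23T00:00:02Z",
         "kwargs": {"token": "SSN 123-45-6789"}},
        {"name": "end", "time": "2026-04-23T00:00:03Z"},
    ],
}

def redact_outputs_only(run: dict, hide_outputs: bool) -> dict:
    """Model of the pre-fix behaviour: only the outputs field is scrubbed."""
    run = copy.deepcopy(run)
    if hide_outputs and "outputs" in run:
        run["outputs"] = {}
    return run

def redact_outputs_and_events(run: dict, hide_outputs: bool) -> dict:
    """Hardened behaviour: scrub outputs and every new_token event payload."""
    run = copy.deepcopy(run)
    if not hide_outputs:
        return run
    if "outputs" in run:
        run["outputs"] = {}
    for event in run.get("events", []):
        if event.get("name") == "new_token":
            # Keep timing metadata, drop the token text itself.
            event.pop("kwargs", None)
            event["redacted"] = True
    return run

def leaked_tokens(run: dict) -> list[str]:
    """Audit helper for stored traces: token text still present in events."""
    return [
        ev["kwargs"]["token"]
        for ev in run.get("events", [])
        if ev.get("name") == "new_token" and "token" in ev.get("kwargs", {})
    ]
```

Running `leaked_tokens` over exported run payloads gives a quick check of whether a trace stored before the upgrade still carries raw streamed output.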

Evidence notes

Advisory published 2026-04-23; modified 2026-05-29. Fix versions: JavaScript SDK 0.5.19, Python SDK 0.7.31. CVSS 5.3 (MEDIUM). CWE-200 (Information Exposure), CWE-359 (Exposure of Private Information), CWE-532 (Insertion of Sensitive Information into Log File).
