PatchSiren cyber security CVE debrief
CVE-2026-41481 langchain-ai CVE debrief
CVE-2026-41481 is a Server-Side Request Forgery (SSRF) vulnerability in LangChain Text Splitters prior to version 1.1.2. The vulnerability arises from the `HTMLHeaderTextSplitter.split_text_from_url()` function, which validates the initial URL but then performs the fetch with redirects enabled. This allows an attacker-controlled server to redirect to internal, localhost, or cloud metadata endpoints, potentially bypassing SSRF protections. The response body is parsed and returned as Document objects to the calling application code. The impact depends on the application: if it exposes Document contents back to the requester, sensitive data from internal endpoints could be leaked. Applications that store or process Documents internally without returning raw content to the requester are not directly exposed. This vulnerability is fixed in version 1.1.2.
- Vendor: langchain-ai
- Product: langchain-text-splitters
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-24
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-24
- Advisory updated: 2026-06-30
Who should care
Developers and operators of applications that use LangChain Text Splitters prior to version 1.1.2 are affected, specifically any code path that passes a requester-supplied URL to `HTMLHeaderTextSplitter.split_text_from_url()`. The risk is highest where the resulting Document contents, or text derived from them, are returned to the same requester who supplied the URL, because that turns the SSRF into a read of internal or cloud metadata endpoints. Applications that only store or process the Documents internally are not directly exposed, but still make outbound requests on an attacker's behalf. Teams should assess how their applications handle Document output and update to version 1.1.2 or later.
Technical summary
`HTMLHeaderTextSplitter.split_text_from_url()` in LangChain Text Splitters prior to version 1.1.2 is vulnerable to Server-Side Request Forgery (SSRF). The function checks the caller-supplied URL with `validate_safe_url()`, but then fetches it with `requests.get()`, which follows HTTP redirects by default. Only the first URL is ever validated: a server the attacker controls can pass the check and then answer with a 3xx whose `Location` points at an internal service, localhost, or a cloud metadata endpoint, and the library follows it without re-checking. The body of the final response is parsed and returned to the application as Document objects, so what actually leaks depends on what the application does with those Documents. Version 1.1.2 addresses the issue. The general lesson when reviewing similar code is that every hop of a redirect chain must be validated, not just the initial URL; disabling automatic redirects (`allow_redirects=False`) and re-validating each `Location` target is the usual fix.
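The following is an added illustration, not LangChain's code: it models the flawed pattern described above (validate once, then follow redirects blindly) next to a hardened fetch that re-validates every hop. The `is_safe_url` check, the `fake_transport` stand-in for `requests.get()`, and the attacker and metadata URLs are all constructed for the example so it runs offline; the real `validate_safe_url()` may differ in detail.

```python
"""Redirect-aware SSRF guard for a URL fetch (added example, not LangChain code)."""
import ipaddress
from typing import Callable, Dict, Tuple
from urllib.parse import urljoin, urlparse

# A transport takes a URL and returns (status_code, headers, body).
Transport = Callable[[str], Tuple[int, Dict[str, str], str]]
MAX_REDIRECTS = 5


class UnsafeURLError(ValueError):
    """Raised when a URL (initial or redirect target) points at a blocked destination."""


def is_safe_url(url: str) -> bool:
    """Hypothetical allow-check: http(s) only, no literal loopback/private/link-local
    addresses, no well-known metadata hostnames. DNS names are accepted as-is here;
    a production check should also resolve them and test the resulting IPs."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower()
    if host in ("localhost", "metadata.google.internal", "metadata"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # DNS name: resolution-time check omitted in this offline demo
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def vulnerable_fetch(url: str, transport: Transport) -> Tuple[str, str]:
    """The pattern the advisory describes: validate the initial URL only, then
    follow redirects automatically (what requests.get() does by default)."""
    if not is_safe_url(url):
        raise UnsafeURLError(url)
    status, headers, body = transport(url)
    for _ in range(MAX_REDIRECTS):
        if not (300 <= status < 400 and "location" in headers):
            break
        url = urljoin(url, headers["location"])  # no re-check: attacker controls this
        status, headers, body = transport(url)
    return url, body


def hardened_fetch(url: str, transport: Transport) -> Tuple[str, str]:
    """Fetch with redirects handled manually and every hop re-validated.
    With requests this corresponds to requests.get(url, allow_redirects=False)
    inside the loop."""
    for _ in range(MAX_REDIRECTS + 1):
        if not is_safe_url(url):
            raise UnsafeURLError(f"blocked destination: {url}")
        status, headers, body = transport(url)
        if 300 <= status < 400 and "location" in headers:
            url = urljoin(url, headers["location"])
            continue
        return url, body
    raise UnsafeURLError("too many redirects")


# Constructed scenario: an attacker-controlled page that 302s to the AWS
# instance-metadata service (link-local 169.254.169.254).
ATTACKER_URL = "http://attacker.example/page.html"
METADATA_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"


def fake_transport(url: str) -> Tuple[int, Dict[str, str], str]:
    """Offline stand-in for requests.get(): returns canned responses."""
    if url == ATTACKER_URL:
        return 302, {"location": METADATA_URL}, ""
    if url == METADATA_URL:
        return 200, {}, "<h1>app-role</h1>"  # stands in for leaked credential data
    return 404, {}, ""


def demo() -> Dict[str, str]:
    """Return what each fetcher does with the same attacker URL."""
    final_url, body = vulnerable_fetch(ATTACKER_URL, fake_transport)
    result = {"vulnerable_final_url": final_url, "vulnerable_body": body}
    try:
        hardened_fetch(ATTACKER_URL, fake_transport)
        result["hardened"] = "allowed"
    except UnsafeURLError as exc:
        result["hardened"] = f"refused ({exc})"
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable path ends up returning the metadata response body to the caller, which is exactly what becomes a Document; the hardened path stops at the first hop that fails the check. Note that a hostname-based check alone does not close the hole: a DNS name resolving to an internal address, or rebinding between check and connect, needs the resolved IP to be validated too, which this offline demo does not do.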
Defensive priority
Medium priority should be given to updating LangChain Text Splitters to version 1.1.2 or later due to the potential for SSRF and data leakage. Applications that expose Document contents to requesters are at higher risk and should be prioritized for mitigation.
Recommended defensive actions
- Update LangChain Text Splitters to version 1.1.2 or later.
- Assess applications using LangChain Text Splitters for exposure to Document content leakage.
- If updating is not immediately feasible, add SSRF protections that hold across redirects: disable automatic redirect following for this fetch and validate every `Location` target, or enforce an egress allowlist so the application host cannot reach internal or cloud metadata addresses at all.
- Monitor outbound requests from the application for connections to loopback, private, link-local, or cloud metadata addresses, especially ones that immediately follow a 3xx response from an external host.
- Review application code for secure handling of Document objects and derivatives.
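To make the monitoring item concrete, here is an added detection example that is not part of the original advisory. It scans egress-proxy log lines for the sequence the advisory describes: an external server answering 3xx with a `Location` that points at an internal or cloud-metadata address, followed by the application fetching that address from the same source host. The key=value log format, hosts, IPs and timestamps are constructed for the demo, and the internal network list is an assumption that a deployment would replace with its own.

```python
"""Egress-log detection for redirect-driven SSRF (added example, constructed log format)."""
import ipaddress
import re
from datetime import datetime
from typing import Dict, List

LINE_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "metadata"}
# Assumed deployment-internal ranges; replace with the real ones in production.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
CORRELATION_WINDOW_S = 5  # a redirect is followed almost immediately

# Constructed sample: one benign fetch, one redirect into the metadata service
# from a different source host, and one direct hit on an internal service.
SAMPLE_LOG = """\
2026-05-02T10:14:01Z src=10.0.3.17 dst_host=docs.example dst_ip=203.0.113.20 url="https://docs.example/guide.html" status=200 location=-
2026-05-02T10:14:03Z src=10.0.3.17 dst_host=attacker.example dst_ip=203.0.113.10 url="http://attacker.example/page.html" status=302 location="http://169.254.169.254/latest/meta-data/iam/"
2026-05-02T10:14:03Z src=10.0.3.17 dst_host=169.254.169.254 dst_ip=169.254.169.254 url="http://169.254.169.254/latest/meta-data/iam/" status=200 location=-
2026-05-02T10:16:40Z src=10.0.3.18 dst_host=10.0.0.5 dst_ip=10.0.0.5 url="http://10.0.0.5:8500/v1/kv/" status=200 location=-
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split '<ts> key=value key="quoted value" ...' into a dict."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for key, raw, quoted in LINE_RE.findall(rest):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def internal_ip(ip_str: str) -> bool:
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in INTERNAL_NETS)


def seconds_between(ts_a: str, ts_b: str) -> float:
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return abs((datetime.strptime(ts_b, fmt) - datetime.strptime(ts_a, fmt)).total_seconds())


def detect(log_text: str) -> List[Dict[str, str]]:
    """Return findings. 'redirect_to_internal' fires when an internal fetch matches
    the Location of a 3xx the same source just received from an external host;
    'internal_destination' covers any other egress into internal space."""
    findings: List[Dict[str, str]] = []
    last_redirect: Dict[str, Dict[str, str]] = {}  # src host -> most recent 3xx event
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        status = int(ev["status"])
        dst_internal = internal_ip(ev["dst_ip"]) or ev["dst_host"].lower() in METADATA_HOSTS
        if dst_internal:
            prior = last_redirect.get(ev["src"])
            if (prior and ev["url"] == prior["location"]
                    and seconds_between(prior["ts"], ev["ts"]) <= CORRELATION_WINDOW_S):
                findings.append({"rule": "redirect_to_internal", "src": ev["src"],
                                 "via": prior["dst_host"], "dst": ev["url"], "ts": ev["ts"]})
            else:
                findings.append({"rule": "internal_destination", "src": ev["src"],
                                 "dst": ev["url"], "ts": ev["ts"]})
        if 300 <= status < 400 and ev.get("location", "-") != "-":
            last_redirect[ev["src"]] = ev
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The correlated rule is the high-confidence signal for this CVE class; the plain internal-destination rule is noisier but catches the same outcome when the redirect response was not logged. Both depend on the proxy logging the `Location` header and on the application's outbound traffic actually passing through the proxy.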
Evidence notes
The CVE-2026-41481 vulnerability is documented in the official CVE record and NVD detail pages. The vulnerability was publicly disclosed on April 24, 2026, and last modified on June 30, 2026. Multiple sources, including GitHub security advisories and Red Hat security bulletins, provide additional context and mitigation guidance. The LangChain community has addressed this issue in version 1.1.2 of LangChain Text Splitters.
Official resources
- CVE-2026-41481 CVE record (CVE.org)
- CVE-2026-41481 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Mitigation, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This AI-assisted CVE debrief is based on the supplied source corpus and provides an objective summary of CVE-2026-41481. It is intended for informational purposes only and does not constitute professional advice.