PatchSiren cyber security CVE debrief
CVE-2026-55443 langchain-ai CVE debrief
CVE-2026-55443 is a medium-severity path traversal vulnerability in LangChain, a framework for building agents and LLM-powered applications. Several LangChain components that resolve filesystem paths or expand search patterns did not consistently confine the resolved path to the intended root directory, so glob patterns and symlinks could be used to read files outside the configured root. The issue is fixed in version 1.3.9. The risk is greatest when these components receive path values, search patterns, or workspace contents influenced by an untrusted source, for example an LLM acting on attacker-controlled input.
- Vendor: langchain-ai
- Product: langchain
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-22
- Original CVE updated: 2026-06-26
- Advisory published: 2026-06-22
- Advisory updated: 2026-06-26
Who should care
Developers and security teams running LangChain versions earlier than 1.3.9 should upgrade or apply mitigations. Successful exploitation discloses files outside the intended root, which matters most for applications that handle sensitive data or hold credentials and configuration on the same filesystem. Prioritise deployments where an agent's tool calls, loaded prompt or chain configuration, or workspace contents can be influenced by untrusted input, since that is how an attacker reaches the affected code paths.
Technical summary
CVE-2026-55443 stems from several LangChain components that do not properly confine resolved paths to their intended root directories: a file-search agent middleware, the prompt and chain/agent configuration loaders, and path-prefix authorization checks. Two classic bypasses apply to checks of this kind. A symlink inside the root that points outside it passes a prefix check performed on the unresolved path, and a glob pattern containing `..` components, or one expanded through a symlinked directory, yields matches that lie outside the root. The CVSS 3.1 base score is 5.1 (medium), vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N: local attack vector, high attack complexity, no privileges or user interaction required, high confidentiality impact, and no integrity or availability impact. The local vector reflects that the attacker must influence paths or workspace contents that the LangChain process itself reads, typically through the model's input or tool calls rather than a network-facing interface.
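To make the failure mode concrete, here is an added Python example written for this debrief (it is not code from LangChain) that places a naive prefix check beside a resolve-then-check version and a glob filter built on it. The `workspace`/`outside` directory layout, the `link` symlink and the file names are constructed for the demonstration.

```python
"""Path confinement for an agent's file tools: the lexical check that a symlink
defeats, beside a resolve-then-check version that also filters glob results.
Added example for this debrief; it is not LangChain's own code, and the
workspace/outside layout built in demo() is constructed for the demonstration."""
import glob
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


def lexical_confine(root: str, user_path: str) -> bool:
    """Weak check: normalises the joined string but never resolves symlinks,
    so root/link -> /elsewhere/secret passes as if it were inside root."""
    candidate = os.path.normpath(os.path.join(root, user_path))
    return candidate.startswith(os.path.normpath(root) + os.sep)


def resolve_confine(root: str, user_path: str) -> Optional[Path]:
    """Hardened check: resolve root and candidate (following symlinks), then
    require the candidate to equal root or lie beneath it. Returns the
    resolved path on success, None when it escapes. An absolute user_path
    replaces root during the join and therefore also fails relative_to()."""
    root_real = Path(root).resolve(strict=True)
    candidate = (root_real / user_path).resolve(strict=False)
    try:
        candidate.relative_to(root_real)
    except ValueError:
        return None
    return candidate


def confined_glob(root: str, pattern: str) -> List[str]:
    """Expand pattern relative to root, then drop every match that leaves
    root once '..' components and symlinks are resolved."""
    root_real = Path(root).resolve(strict=True)
    kept = []
    for match in glob.glob(os.path.join(str(root_real), pattern)):
        rel = os.path.relpath(match, str(root_real))
        if resolve_confine(str(root_real), rel) is not None:
            kept.append(rel)
    return sorted(kept)


def demo() -> Dict[str, object]:
    """Build a constructed workspace holding one real file and one symlink to
    a file outside it, then exercise both checks and the filtered glob."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        outside = os.path.join(tmp, "outside")
        os.makedirs(root)
        os.makedirs(outside)
        Path(root, "notes.txt").write_text("inside the workspace\n")
        Path(outside, "secret.txt").write_text("outside the workspace\n")
        os.symlink(os.path.join(outside, "secret.txt"), os.path.join(root, "link"))
        return {
            "lexical_accepts_symlink": lexical_confine(root, "link"),
            "resolved_accepts_symlink": resolve_confine(root, "link") is not None,
            "lexical_accepts_dotdot": lexical_confine(root, "../outside/secret.txt"),
            "resolved_accepts_dotdot": resolve_confine(root, "../outside/secret.txt") is not None,
            # unfiltered glob happily follows '..' out of the workspace
            "raw_glob_escapes": sorted(
                os.path.relpath(m, root)
                for m in glob.glob(os.path.join(root, "../outside/*.txt"))
            ),
            "confined_glob_dotdot": confined_glob(root, "../outside/*.txt"),
            "confined_glob_star": confined_glob(root, "*"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to print the seven results. The lexical check rejects the literal `..` path but accepts the symlink, which is why a string-based check can look correct in testing and still fail in the field; only the resolved-path check rejects both, and the same check applied per match turns an escaping glob into an empty result. Symlink creation requires a Unix-like system or Windows developer mode.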
Defensive priority
Upgrade to version 1.3.9 or later. Until then, resolve every path (symlinks included) before checking that it lies under the configured root, do not pass untrusted glob patterns to filesystem-search tools, and monitor file access from agent processes for reads outside their workspaces.
Recommended defensive actions
- Upgrade LangChain to version 1.3.9 or later.
- Normalise and resolve (symlinks included) every path-based input, then reject anything that does not remain under the intended root; check the resolved path, not the string the caller supplied.
- Do not expand untrusted glob patterns, or restrict them to literal names and `*` within the workspace, and filter each match with the same resolved-path check.
- Monitor file access by agent and application processes for reads outside their configured workspaces, which may indicate exploitation attempts.
- Inventory deployments, including vendored and transitive installs, to find LangChain versions earlier than 1.3.9.
- Consider compensating controls such as Web Application Firewalls (WAFs), but treat them as weak here: a WAF sees the inbound request, not the path an agent derives from the model's output, so it cannot reliably block this traversal.
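To support the inventory step, the following added script (written for this debrief, not LangChain's or PatchSiren's tooling) scans `pip freeze` or requirements lines for `langchain==<version>` pins and flags those below the fixed release named on this page; the sample lines are constructed.

```python
"""Inventory check for the fix version this debrief states (1.3.9): scan
pip freeze / requirements lines for langchain==<version> pins and flag the
vulnerable ones. Added example, not LangChain's or PatchSiren's tooling;
SAMPLE_FREEZE is constructed."""
import re
from typing import Iterable, List, Optional, Tuple

FIXED_VERSION = (1, 3, 9)  # fixed release named in the advisory text above

# "langchain==1.3.8" as emitted by pip freeze or written in requirements.txt.
# Only the langchain distribution is matched; langchain-core and friends are
# separate packages the advisory does not name. Editable/URL installs
# ("langchain @ file://...") are not pins and are skipped.
_PIN = re.compile(r"^\s*(langchain)\s*==\s*(\d[\w.+\-]*)\s*$", re.IGNORECASE)
_PRERELEASE = re.compile(r"(a|b|rc|dev)\d*", re.IGNORECASE)


def parse_version(text: str) -> Tuple[Tuple[int, ...], bool]:
    """Return (numeric release segments, is_prerelease). The local label
    after '+' is dropped; parsing stops at the first non-numeric segment,
    which is only used to decide whether the version is a pre-release."""
    public = text.split("+", 1)[0]
    release: List[int] = []
    for part in public.split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        release.append(int(m.group()))
        if len(m.group()) != len(part):  # e.g. "9rc1": digits then a label
            break
    return tuple(release), bool(_PRERELEASE.search(public))


def is_vulnerable(version: str) -> bool:
    """True for releases below the fix and for pre-releases of the fix itself
    (1.3.9rc1 predates 1.3.9); post-releases of the fix count as fixed."""
    release, pre = parse_version(version)
    if not release:
        return False
    padded = release + (0,) * (len(FIXED_VERSION) - len(release))
    return padded < FIXED_VERSION or (padded == FIXED_VERSION and pre)


def scan_freeze(lines: Iterable[str]) -> List[Tuple[str, bool]]:
    """Return (pinned version, vulnerable?) for every langchain pin found."""
    return [(m.group(2), is_vulnerable(m.group(2)))
            for m in map(_PIN.match, lines) if m]


def installed_langchain_version() -> Optional[str]:
    """Version of langchain in the running interpreter, or None if absent."""
    from importlib.metadata import PackageNotFoundError, version
    try:
        return version("langchain")
    except PackageNotFoundError:
        return None


SAMPLE_FREEZE = [  # constructed sample output of pip freeze
    "langchain==1.3.8",
    "langchain-core==1.3.9",
    "LangChain==1.3.9",
    "langchain==1.3.9rc1",
    "requests==2.32.3",
    "langchain==1.4.0",
]

if __name__ == "__main__":
    for pinned, vuln in scan_freeze(SAMPLE_FREEZE):
        print(f"langchain=={pinned}: {'VULNERABLE' if vuln else 'fixed'}")
    print("installed in this interpreter:", installed_langchain_version())
```

Feed it `pip freeze` output from each deployment, or run it inside the deployment's interpreter to read the installed distribution directly. The version comparison is deliberately minimal (numeric segments plus a pre-release flag) so the script has no dependency on the `packaging` library; for lockfiles with exotic version strings, compare with `packaging.version.Version` instead.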
Evidence notes
The CVE and NVD records provide detailed information about the vulnerability, including its CVSS score, affected versions, and patch information. Vendor advisories and patch notes from LangChain are available, offering guidance on mitigation and remediation.
Official resources
- CVE-2026-55443 CVE record (CVE.org)
- CVE-2026-55443 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.