PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59152 langchain-ai CVE debrief

The LangSmith Client SDKs provide software development kits for interacting with the LangSmith platform. Prior to version 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary. This vulnerability is fixed in version 0.8.18.

Vendor
langchain-ai
Product
langsmith-sdk
CVSS
MEDIUM 5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-06
Original CVE updated
2026-07-07
Advisory published
2026-07-06
Advisory updated
2026-07-07

Who should care

Organizations using LangSmith Client SDKs, especially those with multiple workspaces or shared access, should assess their exposure and upgrade to version 0.8.18 or later. Low-privilege workspace members, contractors, or compromised teammate accounts could potentially exploit this vulnerability to read sensitive files.

Technical summary

The LangSmith Client SDKs' TracingMiddleware is vulnerable to a file read and upload issue. An attacker can send an HTTP request to a server running TracingMiddleware, causing it to read an arbitrary file and upload it as a trace attachment to LangSmith. This issue allows for a trust-boundary crossing, enabling parties with workspace trace-read access to read files from servers running TracingMiddleware. The vulnerability is identified as CWE-22, CWE-346, and CWE-843.

Defensive priority

Medium priority due to the potential for sensitive file exposure and the relatively low CVSS score of 5.

Recommended defensive actions

  • Upgrade LangSmith Client SDKs to version 0.8.18 or later
  • Review and restrict access to LangSmith workspaces
  • Monitor for suspicious TracingMiddleware activity
  • Implement additional authentication for trace uploads if possible
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-06T16:16:37.413Z and was last modified on 2026-07-07T16:16:41.340Z. The NVD entry is currently Awaiting Analysis. Limited details are available about the specific exploitation or affected systems.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T16:16:37.413Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.