Bug 2453287 (CVE-2026-34070) - CVE-2026-34070 langchain: path traversal in legacy load_prompt functions in langchain-core
Keywords:
Status: NEW
Alias: CVE-2026-34070
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-03-31 03:02 UTC by OSIDB Bzimport
Modified: 2026-03-31 13:54 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-03-31 03:02:43 UTC
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to load_prompt() or load_prompt_from_config(), an attacker can read arbitrary files on the host filesystem, constrained only by file-extension checks (.txt for templates, .json/.yaml for examples). This issue has been patched in version 1.2.22.
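A defensive check for the bug class described above, added here as an example and not langchain's own code: it resolves every file path taken from a prompt config dict under a fixed prompt directory and rejects anything that escapes it (absolute paths, `..` segments, or symlinks pointing outside), keeping the extension filter the advisory mentions only as a secondary control. The config keys `template_path` and `examples` and the base directory are assumptions, not the loader's real schema.

```python
from pathlib import Path

# Suffix allow-lists matching the advisory's description of the filter.
TEMPLATE_SUFFIXES = frozenset({".txt"})
EXAMPLE_SUFFIXES = frozenset({".json", ".yaml"})

# Hypothetical config keys that carry file paths; the real loader's keys may differ.
PATH_KEYS = {"template_path": TEMPLATE_SUFFIXES, "examples": EXAMPLE_SUFFIXES}


def resolve_under(base_dir, candidate, allowed_suffixes):
    """Return `candidate` resolved inside `base_dir`, or raise ValueError.

    The suffix check alone is what the vulnerable code relied on; the decisive
    control is that the *resolved* path still lies under base_dir, which covers
    absolute paths, '..' segments and symlinks that lead out of the directory.
    """
    base = Path(base_dir).resolve()
    raw = Path(candidate)
    if raw.is_absolute():
        raise ValueError(f"absolute path not allowed: {candidate!r}")
    if raw.suffix.lower() not in allowed_suffixes:
        raise ValueError(f"disallowed extension: {candidate!r}")
    # resolve() collapses '..' and follows symlinks, so a lexical check is not needed.
    resolved = (base / raw).resolve()
    if resolved != base and base not in resolved.parents:
        raise ValueError(f"path escapes {base}: {candidate!r}")
    return resolved


def check_config_paths(config, base_dir):
    """Classify each path-bearing key of a config dict as accepted or rejected.

    Returns {key: "accepted"} or {key: "rejected: <reason>"}; a caller would
    refuse to load the prompt if any key is rejected.
    """
    report = {}
    for key, suffixes in PATH_KEYS.items():
        value = config.get(key)
        if not isinstance(value, str):
            continue
        try:
            resolve_under(base_dir, value, suffixes)
            report[key] = "accepted"
        except ValueError as exc:
            report[key] = f"rejected: {exc}"
    return report


if __name__ == "__main__":
    # Constructed sample config: one benign path, one traversal attempt.
    sample = {"template_path": "templates/greeting.txt", "examples": "../../etc/shadow.json"}
    print(check_config_paths(sample, "/var/app/prompts"))
```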