Vulnerability in Langchain-ai Langchain
CVE-2025-65106
LangChain is a framework for building agents and LLM-powered applications. In versions 0.3.79 and prior, and in versions 1.0.0 through 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access P…
EPSS: 0.001 (16.5th percentile)
Affected products
- Langchain-ai Langchain: versions < 0.3.80; versions >= 1.0.0, < 1.0.7
Weakness classification (CWE)
References
- https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f (x_refsource_CONFIRM)
- https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a (x_refsource_MISC)
- https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00 (x_refsource_MISC)