Rickidevs

Rank: #20613 of 53,622
Total CVSS: 12.3
Vulnerabilities: 2 (Medium: 1, High: 1)

PT-2026-28599 · CVSS 7.5 · 2026-03-27
Unknown · Langchain-Core · CVE-2026-34070
**Name of the Vulnerable Software and Affected Versions**

LangChain (langchain-core) versions prior to 1.2.22

**Description**

Multiple functions in `langchain_core.prompts.loading` read files from paths embedded in deserialized prompt configuration dictionaries without validating them against absolute-path injection or directory traversal (the use of `..` segments or absolute paths to reach files outside the intended folder). When an application passes user-influenced prompt configurations to `load_prompt()` or `load_prompt_from_config()`, an attacker can read arbitrary files on the host filesystem. The only constraint is a file-extension check: `.txt` is required for templates and `.json` or `.yaml` for examples. That check restricts the file name, not its location, so any readable file with a matching extension anywhere on the host is reachable.

The affected internal functions are `_load_template()`, `_load_examples()`, and `_load_few_shot_prompt()`. Specifically, the `template_path`, `suffix_path`, and `prefix_path` keys are processed by `_load_template()`; the `examples` key (when provided as a string) is processed by `_load_examples()`; and the `example_prompt_path` key is processed by `_load_few_shot_prompt()`.

**Recommendations**

Update LangChain to version 1.2.22 or later. As a temporary mitigation, do not pass untrusted input to `load_prompt()` or `load_prompt_from_config()`. Migrate from the deprecated legacy prompt-loading APIs to the `dumpd`, `dumps`, `load`, and `loads` serialization APIs in `langchain_core.load`.
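The following is an added illustrative example, not code from LangChain or from the advisory. It reimplements the described pattern in miniature: a loader that opens a config-supplied `template_path` after only an extension check (mirroring the vulnerable behaviour), beside a hardened loader that refuses absolute paths and confines the resolved path to an allowed base directory. The function names (`load_template_unsafe`, `resolve_under`, `load_template_safe`, `load_examples_safe`, `demo`) and the fixture files are assumptions constructed for this example.

```python
"""Added example: path-confinement for config-supplied file paths.

Not LangChain code. The unsafe loader mirrors the advisory's pattern; the
safe variants show the check a hardened loader would apply. All file
fixtures are constructed in a temporary directory so this runs offline.
"""
import json
import tempfile
from pathlib import Path

TEMPLATE_EXTENSIONS = (".txt",)
EXAMPLE_EXTENSIONS = (".json", ".yaml")


def load_template_unsafe(var_name: str, config: dict) -> str:
    """Vulnerable pattern: only the extension is checked, so absolute paths
    and '..' segments in the config are honoured as-is."""
    if f"{var_name}_path" in config:
        path = Path(config.pop(f"{var_name}_path"))
        if path.suffix not in TEMPLATE_EXTENSIONS:
            raise ValueError(f"Bad file type for {var_name}_path: {path.suffix}")
        return path.read_text()
    return config.pop(var_name)


def resolve_under(base_dir: Path, untrusted: str, allowed_suffixes) -> Path:
    """Hardened resolution (hypothetical helper, not a LangChain API):
    reject absolute paths, resolve symlinks and '..', and require the
    result to remain inside base_dir before the extension is checked."""
    candidate = Path(untrusted)
    if candidate.is_absolute():
        raise ValueError("absolute paths are not allowed")
    base = base_dir.resolve()
    resolved = (base / candidate).resolve()
    try:
        resolved.relative_to(base)  # raises ValueError if it escaped base
    except ValueError:
        raise ValueError(f"path escapes {base}: {untrusted!r}") from None
    if resolved.suffix not in allowed_suffixes:
        raise ValueError(f"bad file type: {resolved.suffix}")
    return resolved


def load_template_safe(var_name: str, config: dict, base_dir: Path) -> str:
    """Same contract as the unsafe loader, but paths are confined to base_dir."""
    if f"{var_name}_path" in config:
        path = resolve_under(base_dir, config.pop(f"{var_name}_path"), TEMPLATE_EXTENSIONS)
        return path.read_text()
    return config.pop(var_name)


def load_examples_safe(examples, base_dir: Path) -> list:
    """The same confinement applied to an `examples` value given as a path string."""
    if isinstance(examples, str):
        path = resolve_under(base_dir, examples, EXAMPLE_EXTENSIONS)
        if path.suffix == ".json":
            return json.loads(path.read_text())
        raise ValueError("YAML examples not handled in this example")
    return list(examples)


def demo() -> dict:
    """Builds a constructed fixture: a prompts directory plus a 'secret'
    .txt file one level above it, then exercises both loaders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        prompts = root / "prompts"
        prompts.mkdir()
        (prompts / "greeting.txt").write_text("Hello {name}")
        (prompts / "examples.json").write_text('[{"input": "hi", "output": "hello"}]')
        secret = root / "secret.txt"
        secret.write_text("TOP SECRET")

        results = {}
        # Legitimate use works with the hardened loaders.
        results["safe_ok"] = load_template_safe("template", {"template_path": "greeting.txt"}, prompts)
        results["examples_ok"] = load_examples_safe("examples.json", prompts)
        # The extension check alone does not stop traversal or absolute paths.
        results["unsafe_traversal"] = load_template_unsafe(
            "template", {"template_path": str(prompts / ".." / "secret.txt")})
        results["unsafe_absolute"] = load_template_unsafe("template", {"template_path": str(secret)})
        # The hardened loader rejects both attack shapes.
        results["safe_rejected"] = []
        for cfg in ({"template_path": "../secret.txt"}, {"template_path": str(secret)}):
            try:
                load_template_safe("template", dict(cfg), prompts)
                results["safe_rejected"].append(False)
            except ValueError:
                results["safe_rejected"].append(True)
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Resolving with `Path.resolve()` before the `relative_to` check is what defeats both `..` segments and symlinks that point outside the base; checking the raw string for `..` would miss the symlink case. Confinement is a mitigation for code you control; the advisory's fix is still to update to 1.2.22 or later and stop passing untrusted configs to the legacy loaders.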