CVE-2025-9556

Name of the Vulnerable Software and Affected Versions: langchaingo (affected versions not specified)

Description: langchaingo utilizes the gonja library version 1.5.3 to parse prompts that support jinja2 syntax. The gonja library’s support for include and extend syntax, which allows reading files, introduces a server-side template injection issue. This allows an attacker to inject a statement into a prompt to read arbitrary files, such as the /etc/passwd file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.