PT-2025-47809 · Langchain · Langchain

Published: 2025-11-20 · Updated: 2025-11-21 · CVE-2025-65106

CVSS v4.0: 8.3 High
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
LangChain versions 0.3.79 and prior
LangChain versions 1.0.0 through 1.0.6

Description
LangChain is a framework used for building agents and applications powered by Large Language Models (LLMs). A template injection issue exists in the prompt template system, allowing attackers to access Python object internals through template syntax. This affects applications that accept untrusted template strings in ChatPromptTemplate and related prompt template classes. The issue impacts systems utilizing user-supplied templates, potentially leading to unauthorized access or code execution.

Recommendations
Update to LangChain version 0.3.80 or later.
Update to LangChain version 1.0.7 or later.
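
As a defense-in-depth check alongside the update, untrusted template strings can be screened before they reach a prompt template. The following is an added example, not code from LangChain or from this advisory: it assumes Python format-style (`{name}`) templates, uses only the standard library's `string.Formatter`, and its function names and sample templates are constructed for illustration.

```python
from string import Formatter


def unsafe_fields(template: str) -> list[str]:
    """Return every replacement field that is not a plain variable name.

    Format-style fields may carry attribute access ({a.b}) or indexing
    ({a[0]}), which lets a template walk from a supplied value into the
    object's internals. Positional fields ({} and {0}) are reported too,
    so only named variables pass.
    """
    bad = []
    for _literal, field, spec, _conversion in Formatter().parse(template):
        if field is None:
            continue  # chunk of literal text with no replacement field
        if not field.isidentifier():
            bad.append(field)
        if spec:
            # A format spec can itself contain nested fields: {x:{y.attr}}
            bad.extend(unsafe_fields(spec))
    return bad


def validate_template(template: str) -> str:
    """Return the template unchanged, or raise ValueError if it is rejected.

    Malformed templates (for example an unbalanced brace) also raise
    ValueError, from Formatter.parse itself.
    """
    bad = unsafe_fields(template)
    if bad:
        raise ValueError(f"template rejected, non-plain fields: {bad}")
    return template


if __name__ == "__main__":
    # Constructed sample templates, not taken from the advisory.
    samples = [
        "Summarise {topic} for {audience}",
        "{msg.__class__}",
        "{items[0]}",
        "{x:{y.attr}}",
    ]
    for s in samples:
        print(repr(s), "->", unsafe_fields(s) or "ok")
```

This screens template strings only; it does not replace updating to a fixed LangChain version.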

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-65106
GHSA-6QV9-48XG-FC7F

Affected Products

Langchain