PT-2026-21972 · Unknown+1 · Langchain-Community+1

R3Dbrothers · Published 2026-02-11 · Updated 2026-06-13 · CVE-2026-27795

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 1.1.18; @langchain/community versions prior to 1.1.18

Description: A redirect-based Server-Side Request Forgery (SSRF) bypass exists in the RecursiveUrlLoader within the @langchain/community package. The loader initially validates the URL, but the underlying fetch mechanism automatically follows redirects without revalidation. This allows a transition from a safe public URL to an internal or metadata endpoint, bypassing existing SSRF protections. An attacker who can influence the content of a crawled page can cause the crawler to fetch cloud instance metadata, access internal services on private networks, connect to localhost services, or exfiltrate response data. The preventOutside option is insufficient to prevent this bypass when redirects are followed automatically. The issue stems from the fact that SSRF validation is only performed on the initial URL, while redirects are followed automatically by the fetch function without additional validation.

Recommendations: Upgrade to @langchain/community version 1.1.18 or later, which disables automatic redirects and re-validates Location targets before following them.

Exploit · Fix · SSRF

Related Identifiers

CVE-2026-27795
GHSA-GF3V-FWQG-4VH7
GHSA-MPHV-75CG-56WG

Affected Products

Langchain-Community
Langchain