PT-2026-28599 · Unknown · Langchain-Core

Jiayuqi7813 +3 · Published 2026-03-27 · Updated 2026-05-19 · CVE-2026-34070

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: LangChain-core versions prior to 1.2.22
Description: LangChain is a framework for building applications powered by language models. Several functions in langchain_core.prompts.loading do not validate the file paths they take from prompt configuration dictionaries, allowing directory traversal and absolute path injection. load_prompt() and load_prompt_from_config() are affected when they process user-influenced prompt configurations; the vulnerable code paths are the helpers that load templates, examples, and few-shot prompts from configuration keys: _load_template(), _load_examples(), and _load_few_shot_prompt(). An attacker who controls such a configuration can read arbitrary files on the host filesystem, constrained only by the extension checks applied to the referenced file (.txt for templates, .json or .yaml for examples), which still leaves sensitive data such as cloud-mounted secrets, credentials, and configuration files exposed.
Recommendations: Update langchain-core to version 1.2.22 or later.
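To make the weakness concrete, the following is an added illustration written for this page, not langchain-core's own code: a minimal loader that reads a template file named by a template_path key in a config dictionary, in the unsafe form described above (path joined onto a base directory and gated only by a .txt extension check) and in a hardened form that rejects absolute paths and confines the resolved path to the base directory. The function names, the template_path key, the sample template and the sample secret file are all constructed for the example; the same containment check applies to example files (.json/.yaml) loaded the same way.

```python
"""Added example: config-driven template loading, vulnerable vs hardened.

Not langchain-core's implementation; function names and the sample files
are constructed here to illustrate the advisory's path-validation issue.
"""
import tempfile
from pathlib import Path

ALLOWED_TEMPLATE_SUFFIXES = {".txt"}


def load_template_unsafe(config: dict, base_dir: Path) -> str:
    """Vulnerable pattern: trusts the config-supplied path.

    An extension check alone does not stop two things:
      * "../secret.txt" walks out of base_dir (directory traversal)
      * "/abs/path/secret.txt" replaces base_dir entirely when joined
        with pathlib (absolute path injection)
    """
    path = base_dir / config["template_path"]
    if path.suffix not in ALLOWED_TEMPLATE_SUFFIXES:
        raise ValueError(f"unsupported template extension: {path.suffix!r}")
    return path.read_text()


def load_template_safe(config: dict, base_dir: Path) -> str:
    """Hardened pattern: reject absolute paths, then check containment
    on the fully resolved path (".." collapsed, symlinks followed)."""
    base = base_dir.resolve()
    raw = Path(config["template_path"])
    if raw.is_absolute():
        raise ValueError("absolute template_path rejected")
    path = (base / raw).resolve()
    if base not in path.parents:
        raise ValueError(f"template_path escapes {base}")
    if path.suffix not in ALLOWED_TEMPLATE_SUFFIXES:
        raise ValueError(f"unsupported template extension: {path.suffix!r}")
    return path.read_text()


def demo() -> dict:
    """Builds a constructed layout in a temp dir and runs both loaders.

    <tmp>/prompts/greeting.txt   legitimate template (the base directory)
    <tmp>/secret.txt             sensitive file outside the base directory
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        prompts = root / "prompts"
        prompts.mkdir()
        (prompts / "greeting.txt").write_text("Hello, {name}!")
        secret = root / "secret.txt"
        secret.write_text("AWS_SECRET_ACCESS_KEY=constructed-example-value")

        results = {}
        # Unsafe loader: legitimate file works, but so do both escapes.
        results["unsafe_legit"] = load_template_unsafe(
            {"template_path": "greeting.txt"}, prompts)
        results["unsafe_traversal"] = load_template_unsafe(
            {"template_path": "../secret.txt"}, prompts)
        results["unsafe_absolute"] = load_template_unsafe(
            {"template_path": str(secret)}, prompts)

        # Hardened loader: legitimate file works, escapes are rejected.
        results["safe_legit"] = load_template_safe(
            {"template_path": "greeting.txt"}, prompts)
        for key, tp in (("safe_traversal", "../secret.txt"),
                        ("safe_absolute", str(secret))):
            try:
                load_template_safe({"template_path": tp}, prompts)
                results[key] = "READ"
            except ValueError as exc:
                results[key] = f"rejected: {exc}"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16s} -> {value}")
```

The hardened variant checks containment only after resolve(), so a ".." component or a symlink inside the base directory that points outside it is caught; checking the unresolved string (for example, looking for "..") is not sufficient.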

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2026-34070
ECHO-34C7-CA18-1A8C
GHSA-QH6H-P6C9-FF54

Affected Products

Langchain-Core