PT-2026-31716 · Langchain · Langchain

Published: 2026-04-08 · Updated: 2026-05-19 · CVE-2026-40087

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
LangChain versions prior to 0.3.84 and prior to 1.2.28

Description
LangChain's f-string prompt-template validation was incomplete: templates for DictPromptTemplate and ImagePromptTemplate could contain attribute access and indexing expressions in replacement fields, and f-string validation did not reject nested replacement fields inside format specifiers. When richer Python objects are passed into formatting, such fields can expose internal attributes or nested data to the prompt output, the model context, or logs. The issue is relevant to applications that accept untrusted template strings. The highest-impact scenario is one in which an attacker controls the template structure and the application passes internal Python objects into formatting. The impact is limited to confidentiality, through attribute access and indexing expressions evaluated during formatting.

Recommendations
Update to LangChain version 0.3.84 or 1.2.28 or later.
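As an added, defender-side example (not LangChain's own code or the upstream fix), the following validator enforces the rule the advisory implies: a replacement field in a prompt template may only be a bare variable name, and a format specifier may not itself contain a replacement field. It relies on Python's standard `string.Formatter.parse`, which exposes each field's name and format spec before anything is formatted. The function names, the `User` dataclass and the sample values are constructed for illustration and are assumptions, not identifiers from LangChain.

```python
import string
from dataclasses import dataclass


class UnsafeTemplateError(ValueError):
    """Raised when a template contains a replacement field richer than a bare variable name."""


def validate_fstring_template(template: str) -> list[str]:
    """Return the variable names used in `template`, or raise UnsafeTemplateError.

    str.format field syntax is  arg_name ("." attribute | "[" index "]")*  followed by an
    optional "!conversion" and ":format_spec"; the format_spec may itself contain nested
    replacement fields such as {value:{width}}.  A prompt template only needs plain
    identifiers, so everything else is rejected before any object reaches .format().
    """
    names: list[str] = []
    # Formatter.parse yields (literal_text, field_name, format_spec, conversion) per chunk.
    # It raises ValueError on unbalanced braces; that propagates as a validation failure.
    for _literal, field_name, format_spec, _conversion in string.Formatter().parse(template):
        if field_name is None:
            continue  # trailing literal text with no replacement field
        if "." in field_name or "[" in field_name:
            raise UnsafeTemplateError(f"attribute access or indexing not allowed: {{{field_name}}}")
        if not field_name.isidentifier():
            # covers "" (auto-numbered), "0" (positional) and anything else that is not a name
            raise UnsafeTemplateError(f"replacement field must be a plain variable name: {{{field_name}}}")
        if format_spec and ("{" in format_spec or "}" in format_spec):
            raise UnsafeTemplateError(
                f"nested replacement field in format spec: {{{field_name}:{format_spec}}}"
            )
        names.append(field_name)
    return names


def is_safe_template(template: str) -> bool:
    """Boolean wrapper for the validator (Formatter.parse errors count as unsafe too)."""
    try:
        validate_fstring_template(template)
        return True
    except ValueError:  # UnsafeTemplateError is a ValueError, as is Formatter.parse's own error
        return False


def safe_format(template: str, **variables) -> str:
    """Validate first, then format with exactly the variables the template names."""
    names = validate_fstring_template(template)
    missing = sorted(set(names) - variables.keys())
    if missing:
        raise KeyError(f"template variables not supplied: {missing}")
    return template.format(**{n: variables[n] for n in names})


@dataclass
class User:
    """Constructed sample of a 'richer Python object' with an internal field (assumption)."""
    name: str
    internal_notes: str


if __name__ == "__main__":
    user = User(name="Ada", internal_notes="constructed internal value")
    # An application should hand the template only the scalar it needs, not the whole object.
    print(safe_format("Hello {name}, how can I help?", name=user.name))
    # A template that reaches into the object is refused before formatting runs.
    for candidate in ("{user.internal_notes}", "{data[key]}", "{value:{width}}"):
        print(candidate, "->", "rejected" if not is_safe_template(candidate) else "accepted")
```

The validator is deliberately stricter than Python's own format grammar: it also refuses positional and auto-numbered fields, since a prompt template has no legitimate use for them, and it keeps the `!r`/`!s` conversion flags, which act on the named variable only. Applying it at the boundary where untrusted template strings enter the application is the mitigation; the fixed LangChain versions remain the primary remedy.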


Related Identifiers

CVE-2026-40087
GHSA-926X-3R5X-GFHW

Affected Products

Langchain