PT-2026-35087 · Pypi · Langchain-Openai
Deprrous · Published 2026-04-16 · Updated 2026-04-25 · CVE-2026-41488
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
langchain-openai versions prior to 1.1.14

Description
The _url_to_size() helper function, used by get_num_tokens_from_messages() for image token counting, contains a Time-of-Check to Time-of-Use (TOCTOU) flaw. The function validates URLs for Server-Side Request Forgery (SSRF) protection and then fetches them with a separate network operation that performs its own, independent DNS resolution. This opens a DNS rebinding window: an attacker-controlled hostname can resolve to a public IP address during the validation step and to a private or localhost address during the actual fetch.

Recommendations
Update to version 1.1.14 or later.
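The check-then-fetch race described above, next to a resolve-once-and-pin mitigation, as an added example that is not langchain-openai's code and does not reproduce the project's actual fix. Real DNS is replaced by a constructed resolver (rebinding_resolver) that answers the first query with a public address and the next with 127.0.0.1, which is what an attacker's name server with a near-zero TTL achieves; connect_target_toctou and connect_target_pinned return the address an HTTP client would connect to instead of opening sockets. The hostname img.attacker.example, the addresses and all function names are hypothetical.

```python
"""Check-then-fetch DNS rebinding versus resolve-once-and-pin (added example, not langchain-openai code)."""
import ipaddress
from typing import Callable, Iterable, Tuple
from urllib.parse import urlparse

# Hypothetical stand-in for a getaddrinfo()-style lookup: hostname -> IP string.
Resolver = Callable[[str], str]


def is_public_ip(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918, link-local (incl. 169.254.169.254), CGNAT,
    documentation ranges, unspecified and multicast addresses.
    """
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def rebinding_resolver(answers: Iterable[str]) -> Resolver:
    """Constructed attacker DNS: hands out `answers` in order, then repeats the last one.

    A real rebinding server does the same by serving a public A record once with a
    TTL of 0 and a private one on the next query.
    """
    it = iter(answers)
    state = {"last": None}

    def resolve(hostname: str) -> str:
        state["last"] = next(it, state["last"])
        return state["last"]

    return resolve


def connect_target_toctou(url: str, resolve: Resolver) -> str:
    """Vulnerable shape from the advisory.

    The hostname is validated with one lookup, then the URL string is handed to an
    HTTP client that performs its own lookup. Returns the IP the client would
    actually connect to, which need not be the one that was checked.
    """
    hostname = urlparse(url).hostname
    if not is_public_ip(resolve(hostname)):  # time of check
        raise ValueError(f"blocked: {hostname} does not resolve to a public address")
    return resolve(hostname)                  # time of use: a second, independent lookup


def connect_target_pinned(url: str, resolve: Resolver) -> Tuple[str, str]:
    """Hardened shape: resolve exactly once, validate that address, connect to that address.

    Returns (ip_to_connect, host_header). The caller must open the socket to the IP,
    keep the original hostname for the Host header and for TLS SNI / certificate
    checks, and repeat this step for every redirect hop.
    """
    hostname = urlparse(url).hostname
    ip = resolve(hostname)                    # the only lookup
    if not is_public_ip(ip):
        raise ValueError(f"blocked: {hostname} -> {ip} is not a public address")
    return ip, hostname


if __name__ == "__main__":
    url = "http://img.attacker.example/cat.png"          # constructed hostname
    answers = ["93.184.216.34", "127.0.0.1"]             # public first, then loopback
    print("check-then-fetch connects to:", connect_target_toctou(url, rebinding_resolver(answers)))
    print("resolve-once-and-pin connects to:", connect_target_pinned(url, rebinding_resolver(answers)))
```

Pinning only closes the window if the HTTP client honours it: many libraries re-resolve the hostname internally, so validating the URL string before calling them, as the vulnerable shape does, is not a defence on its own. Where the client cannot be told which IP to connect to, the alternative is to perform the lookup yourself, rewrite the URL to the validated IP and set the Host header (and SNI) explicitly.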

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2026-41488
GHSA-R7W7-9XR2-QQ2R
PYSEC-2026-76

Affected Products

Langchain-Openai