CNNVD-202601-1883 Information
CNNVD ID
CNNVD-202601-1883
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
LangChain是LangChain开源的一个用于开发由大型语言模型 (LLM) 提供支持的应用程序的框架。 LangChain 0.3.1及之前版本存在安全漏洞,该漏洞源于MRKLOutputParser.parse方法使用易受回溯攻击的正则表达式,可能导致正则表达式拒绝服务攻击。
Description (English)
LangChain is a framework for the development of applications supported by the Large Language Model (LLM) at the LangCain Open Source. There is a security loophole in Langchain 0.3.1 and earlier versions, which stems from the MrkLoutputParser.parse method of using regular expressions that are susceptible to retroactive attack, which may lead to a backsliding service attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LangChain
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/langchain-ai/langchain https://huntr.com/bounties/e7ece02c-d4bb-4166-8e08-6baf4f8845bb https://www.langchain.com/ https://www.vulncheck.com/advisories/langchain-mrkloutputparser-redos
Patch
https://github.com/langchain-ai/langchain/releases
Share on: