CNNVD-202602-1286 Information

CNNVD ID

CNNVD-202602-1286

CVE-2026-25528

  • CNNVD Published: 2026-02-09

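Description (translated from Chinese)

LangSmith Client SDKs is an open-source developer toolkit from LangChain. LangSmith Client SDKs versions before 0.6.3 and versions before 0.4.6 contain a code issue vulnerability. The vulnerability stems from the distributed tracing feature not validating HTTP headers, which may lead to server-side request forgery and exfiltration of sensitive data.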

Description (English)

LangSmith Client SDKs is an open-source developer toolkit from LangChain. Versions of LangSmith Client SDKs before 0.6.3 and before 0.4.6 contain a code issue vulnerability: the distributed tracing feature does not validate HTTP headers, which may result in server-side request forgery and sensitive data leakage.

Vulnerability Type

Code issue

Affected Vendor

LangChain

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-v34v-rq6j-cj6p

Patch

https://github.com/langchain-ai/langsmith-sdk/releases
