CNNVD-202602-1417 Information

CNNVD ID

CNNVD-202602-1417

CVE-2026-26013

  • CNNVD Published: 2026-02-10

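Description (translated from Chinese)

LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain versions prior to 1.2.11 contain a code issue vulnerability. It stems from the ChatOpenAI.get_num_tokens_from_messages() method not validating image_url values when computing token counts, which may lead to server-side request forgery attacks.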

Description (English)

LangChain is an open-source framework, developed by LangChain, for building applications powered by large language models (LLMs). Versions of LangChain before 1.2.11 have a code issue vulnerability: the ChatOpenAI.get_num_tokens_from_messages() method does not validate the image_url value when calculating the number of tokens, which could lead to a server-side request forgery (SSRF) attack.

Vulnerability Type

Code issue

Affected Vendor

LangChain

Published

2026-02-10

Last Modified

2026-02-24

References

  • https://github.com/langchain-ai/langchain/commit/2b4b1dc29a833d4053deba4c2b77a3848c834565
  • https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.11
  • https://github.com/langchain-ai/langchain/security/advisories/GHSA-2g6r-c272-w58r

Patch

https://github.com/langchain-ai/langchain/releases
