CNNVD-202602-1811 Information

CNNVD ID

CNNVD-202602-1811

CVE-2026-26019

  • CNNVD Published: 2026-02-11

Description

LangChain is an open-source framework from LangChain for developing applications powered by large language models (LLMs). LangChain versions prior to 1.1.14 contain a code issue vulnerability. It stems from insufficient URL validation in the RecursiveUrlLoader class in @langchain/community, which could lead the crawler to follow attacker-controlled links or fetch content from internal infrastructure.

Vulnerability Type

Code issue

Affected Vendor

LangChain

Published

2026-02-11

Last Modified

2026-02-24

References

  • https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d
  • https://github.com/langchain-ai/langchainjs/pull/9990
  • https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14
  • https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7

Patch

https://github.com/langchain-ai/langchain/releases
