PyPI: langchain-core

CVE-2026-34070

Safety vulnerability ID: SFTY-20260327-53300

Safety legacy ID: pyup.io-90748

Affected versions of the langchain-core package are vulnerable to Path Traversal due to improper validation of file paths embedded in deserialized prompt configuration dictionaries. The load_prompt() and load_prompt_from_config() functions in langchain_core.prompts.loading, through _load_template(), _load_examples(), and _load_few_shot_prompt(), read attacker-influenced values such as template_path, suffix_path, prefix_path, examples, and example_prompt_path without blocking absolute paths or .. traversal sequences before accessing .txt, .json, or .yaml files on disk.
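An illustrative hardening check, added here and not code from langchain-core: it resolves the path-bearing config keys named above against a trusted base directory and rejects absolute paths and `..` traversal before any file would be read. The function names and the base directory are assumptions.

```python
# Illustrative check (not langchain-core code): validate path values found in a
# deserialized prompt config against a trusted base directory before reading.
from pathlib import Path

# Config keys the advisory names as carrying file paths.
PATH_KEYS = ("template_path", "suffix_path", "prefix_path", "example_prompt_path")


def safe_resolve(base_dir, candidate):
    """Return the resolved path for `candidate` if it stays inside `base_dir`.

    Raises ValueError for absolute paths and for any path whose resolved form
    (symlinks and ".." segments collapsed) leaves the base directory.
    """
    base = Path(base_dir).resolve()
    rel = Path(candidate)
    if rel.is_absolute():
        raise ValueError(f"absolute path not allowed: {candidate}")
    target = (base / rel).resolve()
    # Path.is_relative_to() requires Python 3.9 or newer.
    if not target.is_relative_to(base):
        raise ValueError(f"path escapes base directory: {candidate}")
    return target


def check_prompt_config(config, base_dir):
    """Validate every path-bearing key in `config` (a deserialized prompt dict).

    `examples` may be an inline list or a path string; only the string form
    is a file reference and is checked. Returns {key: resolved Path}.
    """
    resolved = {}
    for key in PATH_KEYS:
        if key in config:
            resolved[key] = safe_resolve(base_dir, config[key])
    examples = config.get("examples")
    if isinstance(examples, str):
        resolved["examples"] = safe_resolve(base_dir, examples)
    return resolved


def is_config_safe(config, base_dir):
    """True when every path value in `config` stays inside `base_dir`."""
    try:
        check_prompt_config(config, base_dir)
        return True
    except ValueError:
        return False
```

Calling `check_prompt_config` on the dict before handing it to the loader turns an out-of-tree read into a rejected config with a log-worthy error.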

Created at: Apr 2, 2026
Updated at: Apr 2, 2026

Overview

LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions

Affected Package

Affecting langchain-core package, versions <1.2.22

How to Fix

Upgrade langchain-core to 1.2.22 or higher.

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
