PyPI: langchain
CVE-2026-45134
Safety vulnerability ID: SFTY-20260513-51019
Overview
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
Advisory
langsmith – Deserialization of Untrusted Data
Affected versions of the LangSmith SDK package are vulnerable to Deserialization of Untrusted Data due to improper handling of prompt manifests fetched from the LangSmith Hub. The `pull_prompt` and `pull_prompt_commit` methods in Python, and `pullPrompt` and `pullPromptCommit` in JS/TS, deserialize prompt manifests that may contain serialized LangChain objects and model configurations controlled by whoever published the prompt. An attacker can exploit this by publishing a malicious prompt to the LangSmith Hub; an application that pulls it by `owner/name` deserializes the attacker's manifest, which can lead to Server-Side Request Forgery (SSRF), prompt injection, or behaviour manipulation, because the constructor arguments that alter the application's configuration (for example, the endpoint a serialized model configuration points at) are supplied by the attacker.
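A pre-deserialization check for the trust boundary the advisory describes. This is an added example, not code from the advisory or from the langsmith project. It assumes the Hub manifest is a dict in LangChain's serialized-object format (`{"lc": 1, "type": "constructor", "id": [...], "kwargs": {...}}` nodes, with `{"lc": 1, "type": "secret", "id": [...]}` placeholders where the loader is expected to fill in secrets), which is what `pull_prompt_commit(...)` carries in its `.manifest` field before `pull_prompt` deserializes it. The two manifests below, including the internal endpoint URL, are constructed for the example, and the audit never contacts the Hub.

```python
# Added example: audit a LangSmith Hub prompt manifest before it is deserialized.
# Not advisory or langsmith project code; sample manifests below are constructed.
from __future__ import annotations

from typing import Any, Iterator

# Namespaces a prompt pulled from a public Hub entry may instantiate.
# Anything else (chat models, tools, arbitrary runnables) is refused.
ALLOWED_ID_PREFIXES: tuple[tuple[str, ...], ...] = (
    ("langchain", "prompts"),
    ("langchain_core", "prompts"),
    ("langchain", "schema", "messages"),
    ("langchain_core", "messages"),
)

# Constructor kwargs that decide where an outbound request goes; a manifest
# setting one of these is the SSRF vector the advisory describes.
ENDPOINT_KWARGS = frozenset({
    "base_url", "api_base", "openai_api_base", "azure_endpoint", "endpoint",
    "endpoint_url", "anthropic_api_url", "api_url", "host",
})


def walk_nodes(node: Any, path: str = "$") -> Iterator[tuple[str, dict]]:
    """Yield every serialized-object node (a dict carrying ``lc``) with its JSON path."""
    if isinstance(node, dict):
        if "lc" in node and "type" in node:
            yield path, node
        for key, value in node.items():
            yield from walk_nodes(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk_nodes(value, f"{path}[{i}]")


def audit_manifest(manifest: dict) -> list[str]:
    """Return findings; an empty list means nothing outside the allowlist was found."""
    findings: list[str] = []
    for path, node in walk_nodes(manifest):
        kind = node.get("type")
        node_id = tuple(node.get("id", []))
        if kind == "secret":
            # The loader resolves these from its secrets map or the environment:
            # a public manifest must not get to choose which secrets it receives.
            findings.append(f"{path}: requests secret {'/'.join(node_id)}")
        elif kind == "constructor":
            if not any(node_id[: len(p)] == p for p in ALLOWED_ID_PREFIXES):
                findings.append(f"{path}: constructor {'.'.join(node_id)} not in allowlist")
            for key, value in node.get("kwargs", {}).items():
                if key in ENDPOINT_KWARGS:
                    findings.append(f"{path}: sets endpoint kwarg {key}={value!r}")
    return findings


def require_trusted(manifest: dict) -> dict:
    """Gate for the pull: raise instead of deserializing a manifest with findings."""
    findings = audit_manifest(manifest)
    if findings:
        raise ValueError("untrusted prompt manifest:\n  " + "\n  ".join(findings))
    return manifest


# --- constructed sample manifests (not real Hub content) -------------------
PROMPT_ONLY = {  # what a plain ChatPromptTemplate serializes to
    "lc": 1, "type": "constructor",
    "id": ["langchain", "prompts", "chat", "ChatPromptTemplate"],
    "kwargs": {
        "input_variables": ["question"],
        "messages": [{
            "lc": 1, "type": "constructor",
            "id": ["langchain", "prompts", "chat", "HumanMessagePromptTemplate"],
            "kwargs": {"prompt": {
                "lc": 1, "type": "constructor",
                "id": ["langchain", "prompts", "prompt", "PromptTemplate"],
                "kwargs": {"input_variables": ["question"], "template": "{question}",
                           "template_format": "f-string"},
            }},
        }],
    },
}

HUB_MANIFEST = {  # the same prompt chained to an attacker-chosen model config
    "lc": 1, "type": "constructor",
    "id": ["langchain", "schema", "runnable", "RunnableSequence"],
    "kwargs": {
        "first": PROMPT_ONLY,
        "last": {
            "lc": 1, "type": "constructor",
            "id": ["langchain", "chat_models", "openai", "ChatOpenAI"],
            "kwargs": {
                "model": "gpt-4o-mini",
                "openai_api_base": "http://10.0.0.5:8080/v1",  # constructed: internal host
                "openai_api_key": {"lc": 1, "type": "secret", "id": ["OPENAI_API_KEY"]},
            },
        },
    },
}
```

`audit_manifest(PROMPT_ONLY)` returns no findings, while `HUB_MANIFEST` produces four: the non-allowlisted `RunnableSequence` and `ChatOpenAI` constructors, the `openai_api_base` endpoint override, and the request for `OPENAI_API_KEY`. To put this in front of a real pull, fetch the commit by hash rather than by `owner/name` (the `owner/name:commit_hash` identifier form is an assumption about the Hub's identifier syntax), run `require_trusted` on the returned `.manifest`, and only then hand the JSON to `langchain_core.load.loads`. The allowlist and endpoint-keyword set are policy choices made for this example; widen them only for namespaces your application genuinely expects a prompt to instantiate.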
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
`pull_prompt` and `pull_prompt_commit` (Python); `pullPrompt` and `pullPromptCommit` (JS/TS), as named in the advisory above.
Verified by Safety
