https://vulnerability.circl.lu/sightings/feed 2026-06-18T03:17:15.461435+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f5348690-24e6-474a-bab1-cb8c800788b4/export 2026-06-18T03:17:15.829386+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f5348690-24e6-474a-bab1-cb8c800788b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-gr75-jv2w-4656", "type": "seen", "source": "https://gist.github.com/alon710/c44712b7c2bb082240930f6c62996619", "content": "# GHSA-GR75-JV2W-4656: GHSA-GR75-JV2W-4656: Path Traversal and Sandbox Escape in LangChain File-Search Middleware and Loaders\n\n> **CVSS Score:** 4.7\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/GHSA-GR75-JV2W-4656\n\n## Summary\nA path traversal and sandbox escape vulnerability in LangChain and LangChain-Anthropic Python packages allows unauthenticated local attackers to access files outside the restricted directory via crafted input, symbolic links, or prefix bypasses.\n\n## TL;DR\nInsecure path resolution, missing symlink checks, and a path-prefix boundary bypass in LangChain allow attackers to escape file sandboxes via directory traversal or symbolic links.\n\n## Technical Details\n\n- **CWE ID**: CWE-22, CWE-59\n- **Attack Vector**: Local\n- **CVSS Score**: 4.7 (Moderate)\n- **EPSS Score**: N/A\n- **Exploit Status**: None / Unproven\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- LangChain core file-search middleware\n- LangChain-Anthropic integration modules\n- Autonomous LLM agents with filesystem tools\n- **langchain**: < 1.3.9 (Fixed in: `1.3.9`)\n- **langchain-anthropic**: < 1.4.6 (Fixed in: `1.4.6`)\n\n## Mitigation\n\n- Upgrade affected packages to langchain >= 1.3.9 and langchain-anthropic >= 1.4.6\n- Enforce container-level isolation to restrict process filesystem access\n- Avoid string-prefix path validation without directory separators\n\n**Remediation Steps:**\n1. Identify LangChain dependencies in requirements.txt or pyproject.toml\n2. Upgrade langchain package to at least version 1.3.9\n3. Upgrade langchain-anthropic package to at least version 1.4.6\n4. Redesign custom tools using pathlib and resolve() for directory validation\n\n## References\n\n- [GitHub Security Advisory GHSA-gr75-jv2w-4656](https://github.com/advisories/GHSA-gr75-jv2w-4656)\n- [OSV Entry for GHSA-gr75-jv2w-4656](https://api.osv.dev/v1/vulns/GHSA-gr75-jv2w-4656)\n- [LangChain Core Repository](https://github.com/langchain-ai/langchain)\n- [LangChain Advisory GHSA-gr75-jv2w-4656](https://github.com/langchain-ai/langchain/security/advisories/GHSA-gr75-jv2w-4656)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-GR75-JV2W-4656) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T16:11:24.000000Z"} 2026-06-16T16:11:24+00:00