CVE-2026-27795
PUBLISHED
CVSS 4.1 MEDIUM
LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader
EPSS 0.05% · 15.3th percentile
Risk Scores
CVSS v3.1
4.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
EPSS Score
0.05%
15.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| langchain | langchain_community | 0 |
| langchain | community | 0 |
| langchain-ai | langchainjs | < 1.1.18 |
Timeline
- Feb 25, 2026 CVE Published
- Feb 25, 2026 PoC Published
- Feb 26, 2026 EPSS Score
- Feb 27, 2026 EPSS Score
- Mar 1, 2026 EPSS Score
- Mar 2, 2026 EPSS Score
- Mar 4, 2026 EPSS Score
- Mar 5, 2026 EPSS Score
- Mar 7, 2026 EPSS Score
- Mar 8, 2026 EPSS Score
- Mar 9, 2026 Security Advisory
References
- https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg url
- https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7 url
- https://github.com/langchain-ai/langchainjs/pull/9990 url
- https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee url
- https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d url
- https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14 url
- https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-27795 advisory
- https://github.com/langchain-ai/langchainjs package