CVE-2026-26013

{"id": "CVE-2026-26013", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2026-02-10T22:17:00.453", "references": [{"url": "https://github.com/langchain-ai/langchain/commit/2b4b1dc29a833d4053deba4c2b77a3848c834565", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.11", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-2g6r-c272-w58r", "tags": ["Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. This vulnerability is fixed in 1.2.11."}, {"lang": "es", "value": "LangChain es un framework para construir agentes y aplicaciones impulsadas por LLM. Antes de la versi\u00f3n 1.2.11, el m\u00e9todo ChatOpenAI.get_num_tokens_from_messages() obtiene valores arbitrarios de image_url sin validaci\u00f3n al calcular el recuento de tokens para modelos habilitados para visi\u00f3n. Esto permite a los atacantes desencadenar ataques de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) al proporcionar URLs de imagen maliciosas en la entrada del usuario. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.2.11."}], "lastModified": "2026-03-17T20:30:07.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "5CCC1EB9-D45D-465A-96B4-2E6D1DE724FC", "versionEndExcluding": "1.2.11"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}