CVE-2026-40087 - Vulnerability Details

Vendors	Products
Langchain-ai	Langchain

Link	Providers
https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b
https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258
https://github.com/langchain-ai/langchain/pull/36612
https://github.com/langchain-ai/langchain/pull/36613
https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84
https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28
https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw

Type	Values Removed	Values Added
First Time appeared		Langchain-ai Langchain-ai langchain
Vendors & Products		Langchain-ai Langchain-ai langchain

Type	Values Removed	Values Added
Description		LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28.
Title		LangChain has incomplete f-string validation in prompt templates
Weaknesses		CWE-1336
References		https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258 https://github.com/langchain-ai/langchain/pull/36612 https://github.com/langchain-ai/langchain/pull/36613 https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84 https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28 https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40087", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-09T00:39:12.206Z", "datePublished": "2026-04-09T19:34:55.198Z", "dateUpdated": "2026-04-09T19:34:55.198Z"}, "containers": {"cna": {"title": "LangChain has incomplete f-string validation in prompt templates", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw"}, {"name": "https://github.com/langchain-ai/langchain/pull/36612", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchain/pull/36612"}, {"name": "https://github.com/langchain-ai/langchain/pull/36613", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchain/pull/36613"}, {"name": "https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b"}, {"name": "https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258"}, {"name": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84"}, {"name": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28"}], "affected": [{"vendor": "langchain-ai", "product": "langchain", "versions": [{"version": "< 0.3.83", "status": "affected"}, {"version": ">= 1.0.0a1, < 1.2.28", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T19:34:55.198Z"}, "descriptions": [{"lang": "en", "value": "LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28."}], "source": {"advisory": "GHSA-926x-3r5x-gfhw", "discovery": "UNKNOWN"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28."}], "id": "CVE-2026-40087", "lastModified": "2026-04-09T20:16:27.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-09T20:16:27.400", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langchain/pull/36612"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langchain/pull/36613"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28"}, {"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object