cvedb.io
CVE-2026-25750
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2026-03-04T22:16:17.667 · Last modified 2026-06-17T10:25:10.030

Summary

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The vulnerability affected both LangSmith Cloud and self-hosted deployments. Authenticated LangSmith users who clicked on a specially crafted malicious link would have their bearer token, user ID, and workspace ID transmitted to an attacker-controlled server. With this stolen token, an attacker could impersonate the victim and access any LangSmith resources or perform any actions the user was authorized to perform within their workspace. The attack required social engineering (phishing, malicious link

Affected products

langchain — langsmith

Does this affect you?

Add your gear to cvedb and we'll alert you only when langchain ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.