CVE-2026-40087: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in langchain-ai langchain
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28.
AI Analysis
Technical Summary
LangChain's f-string prompt-template validation was incomplete before versions 0.3.84 and 1.2.28. Specifically, DictPromptTemplate and ImagePromptTemplate classes accepted f-string templates containing attribute access or indexing expressions without enforcing the same attribute-access validation as PromptTemplate. Additionally, the validation did not reject nested replacement fields inside format specifiers, allowing Python formatting to resolve nested expressions at runtime. This improper neutralization of special elements is classified under CWE-1336 and has a CVSS 3.1 base score of 5.3 (medium severity). The vulnerability is fixed in versions 0.3.84 and 1.2.28.
Potential Impact
The vulnerability allows certain LangChain prompt template classes to evaluate nested attribute access or indexing expressions during f-string formatting, which could lead to unintended information disclosure or other impacts related to the evaluation of these expressions. The CVSS score of 5.3 indicates a medium impact with low complexity and no required privileges or user interaction. There are no known exploits in the wild at this time.
Mitigation Recommendations
This vulnerability is fixed in LangChain versions 0.3.84 and 1.2.28. Users should upgrade to at least these versions to remediate the issue. Patch status is not explicitly stated beyond the fixed versions; therefore, users should consult the official LangChain release notes or vendor advisory for the latest remediation guidance.
CVE-2026-40087: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in langchain-ai langchain
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
LangChain's f-string prompt-template validation was incomplete before versions 0.3.84 and 1.2.28. Specifically, DictPromptTemplate and ImagePromptTemplate classes accepted f-string templates containing attribute access or indexing expressions without enforcing the same attribute-access validation as PromptTemplate. Additionally, the validation did not reject nested replacement fields inside format specifiers, allowing Python formatting to resolve nested expressions at runtime. This improper neutralization of special elements is classified under CWE-1336 and has a CVSS 3.1 base score of 5.3 (medium severity). The vulnerability is fixed in versions 0.3.84 and 1.2.28.
Potential Impact
The vulnerability allows certain LangChain prompt template classes to evaluate nested attribute access or indexing expressions during f-string formatting, which could lead to unintended information disclosure or other impacts related to the evaluation of these expressions. The CVSS score of 5.3 indicates a medium impact with low complexity and no required privileges or user interaction. There are no known exploits in the wild at this time.
Mitigation Recommendations
This vulnerability is fixed in LangChain versions 0.3.84 and 1.2.28. Users should upgrade to at least these versions to remediate the issue. Patch status is not explicitly stated beyond the fixed versions; therefore, users should consult the official LangChain release notes or vendor advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T00:39:12.206Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d806d21cc7ad14da15a56d
Added to database: 4/9/2026, 8:06:42 PM
Last enriched: 4/17/2026, 11:45:03 AM
Last updated: 5/25/2026, 12:22:37 PM
Views: 162
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.