CVE-2026-40087: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in langchain-ai langchain
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28.
AI Analysis
Technical Summary
LangChain's f-string prompt-template validation was incomplete before versions 0.3.84 and 1.2.28. Specifically, DictPromptTemplate and ImagePromptTemplate classes accepted f-string templates containing attribute access or indexing expressions and evaluated them during formatting without enforcing attribute-access validation. Furthermore, the validation process did not reject nested replacement fields inside format specifiers, which could be resolved at runtime, bypassing earlier validation checks. These issues constitute improper neutralization of special elements used in a template engine (CWE-1336). The vulnerability has been addressed in LangChain versions 0.3.84 and 1.2.28.
Potential Impact
The vulnerability allows unsafe evaluation of attribute access or indexing expressions within f-string templates in affected LangChain versions. This could lead to unintended information disclosure or other impacts related to the evaluation of untrusted template expressions. The CVSS score of 5.3 reflects a medium severity with network attack vector, low complexity, no privileges required, no user interaction, and limited confidentiality impact. There are no known exploits in the wild.
Mitigation Recommendations
This vulnerability is fixed in LangChain versions 0.3.84 and 1.2.28. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly stated in the vendor advisory content, but the fix is included in these releases. No additional mitigation steps are indicated.
CVE-2026-40087: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in langchain-ai langchain
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
LangChain's f-string prompt-template validation was incomplete before versions 0.3.84 and 1.2.28. Specifically, DictPromptTemplate and ImagePromptTemplate classes accepted f-string templates containing attribute access or indexing expressions and evaluated them during formatting without enforcing attribute-access validation. Furthermore, the validation process did not reject nested replacement fields inside format specifiers, which could be resolved at runtime, bypassing earlier validation checks. These issues constitute improper neutralization of special elements used in a template engine (CWE-1336). The vulnerability has been addressed in LangChain versions 0.3.84 and 1.2.28.
Potential Impact
The vulnerability allows unsafe evaluation of attribute access or indexing expressions within f-string templates in affected LangChain versions. This could lead to unintended information disclosure or other impacts related to the evaluation of untrusted template expressions. The CVSS score of 5.3 reflects a medium severity with network attack vector, low complexity, no privileges required, no user interaction, and limited confidentiality impact. There are no known exploits in the wild.
Mitigation Recommendations
This vulnerability is fixed in LangChain versions 0.3.84 and 1.2.28. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly stated in the vendor advisory content, but the fix is included in these releases. No additional mitigation steps are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T00:39:12.206Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d806d21cc7ad14da15a56d
Added to database: 4/9/2026, 8:06:42 PM
Last enriched: 4/9/2026, 8:21:24 PM
Last updated: 4/10/2026, 7:55:24 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.