CVE-2026-41182: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in langchain-ai langsmith-sdk
CVE-2026-41182 is a medium severity vulnerability in the langchain-ai langsmith-sdk affecting versions prior to 0. 5. 19 for JavaScript and 0. 7. 31 for Python. The SDK's output redaction controls do not apply to streaming token events, causing sensitive streamed LLM output to be recorded and stored unredacted in run events. This results in exposure of sensitive information despite redaction settings. The issue is fixed in versions 0. 5. 19 (JavaScript) and 0.
AI Analysis
Technical Summary
The langchain-ai langsmith-sdk prior to versions 0.5.19 (JavaScript) and 0.7.31 (Python) fails to apply output redaction controls to streaming token events generated during LLM runs. Specifically, while the SDK redacts inputs and outputs fields, it does not process the events array where each streaming token is recorded as a new_token event containing raw token values. This bypasses the redaction pipeline, causing sensitive streamed output to be stored unredacted in LangSmith run events. The vulnerability is identified as CWE-200 (Exposure of Sensitive Information). The issue is resolved in the specified fixed versions.
Potential Impact
Sensitive information generated by language model streaming outputs can be exposed to unauthorized actors because the redaction controls do not cover streaming token events. This may lead to unintended leakage of confidential data stored in LangSmith run events. The vulnerability does not affect integrity or availability, only confidentiality. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade to langsmith-sdk version 0.5.19 or later for JavaScript, and version 0.7.31 or later for Python, where the issue is fixed. Patch status is not explicitly stated in the vendor advisory, but fixed versions are provided. Until upgraded, applications relying on output redaction should be aware that streaming token events are not redacted and may leak sensitive data.
CVE-2026-41182: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in langchain-ai langsmith-sdk
Description
CVE-2026-41182 is a medium severity vulnerability in the langchain-ai langsmith-sdk affecting versions prior to 0. 5. 19 for JavaScript and 0. 7. 31 for Python. The SDK's output redaction controls do not apply to streaming token events, causing sensitive streamed LLM output to be recorded and stored unredacted in run events. This results in exposure of sensitive information despite redaction settings. The issue is fixed in versions 0. 5. 19 (JavaScript) and 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The langchain-ai langsmith-sdk prior to versions 0.5.19 (JavaScript) and 0.7.31 (Python) fails to apply output redaction controls to streaming token events generated during LLM runs. Specifically, while the SDK redacts inputs and outputs fields, it does not process the events array where each streaming token is recorded as a new_token event containing raw token values. This bypasses the redaction pipeline, causing sensitive streamed output to be stored unredacted in LangSmith run events. The vulnerability is identified as CWE-200 (Exposure of Sensitive Information). The issue is resolved in the specified fixed versions.
Potential Impact
Sensitive information generated by language model streaming outputs can be exposed to unauthorized actors because the redaction controls do not cover streaming token events. This may lead to unintended leakage of confidential data stored in LangSmith run events. The vulnerability does not affect integrity or availability, only confidentiality. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade to langsmith-sdk version 0.5.19 or later for JavaScript, and version 0.7.31 or later for Python, where the issue is fixed. Patch status is not explicitly stated in the vendor advisory, but fixed versions are provided. Until upgraded, applications relying on output redaction should be aware that streaming token events are not redacted and may leak sensitive data.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-17T16:34:45.526Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e9707c87115cfb68522131
Added to database: 4/23/2026, 1:06:04 AM
Last enriched: 4/23/2026, 1:22:30 AM
Last updated: 4/23/2026, 7:17:12 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.