The vulnerability involves deserialization of untrusted data (CWE-502) in langsmith-sdk versions prior to Python 0.8.0 and JS/TS 0.6.0. The SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python and pullPrompt / pullPromptCommit in JS/TS) retrieve and deserialize prompt manifests from the LangSmith Hub. These manifests may include serialized LangChain objects and model configurations that influence runtime behavior. Prior to the fix, the SDK did not distinguish between prompts from the user's organization and public prompts controlled by external parties, enabling potential malicious deserialization attacks. This vulnerability has a CVSS 3.1 base score of 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, low integrity impact, and no availability impact. The issue is resolved in LangSmith SDK Python 0.8.0 and JS/TS 0.6.0.

Successful exploitation could allow an attacker to influence runtime behavior by deserializing malicious objects from public prompt manifests, potentially leading to unauthorized disclosure of sensitive information (high confidentiality impact) and limited integrity compromise. There is no reported availability impact. No known exploits in the wild have been reported to date.

Users should upgrade to LangSmith SDK Python version 0.8.0 or later, or JS/TS version 0.6.0 or later, where this vulnerability is fixed. Since no official vendor advisory or patch link is provided, users should verify upgrade availability from the official langchain-ai sources. Patch status is not explicitly confirmed beyond the fixed version information; therefore, users should consult the vendor's official channels for the latest remediation guidance. No additional mitigation steps are indicated.