
LangChain vulnerability allows information disclosure

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 26th, 2026
Detected March 28th, 2026

Summary

CERT-Bund has issued a security advisory regarding a vulnerability in the LangChain open-source framework. The vulnerability allows remote attackers to disclose information, with a CVSS base score of 7.5. The advisory affects versions prior to 1.2.22.

What changed

CERT-Bund has released security advisory WID-SEC-2026-0896 detailing a vulnerability in the LangChain open-source framework. The flaw, rated with a CVSS base score of 7.5 (high), allows a remote, anonymous attacker to disclose sensitive information. The advisory covers all versions of LangChain prior to 1.2.22 and lists UNIX, Windows and other operating systems as affected platforms.

Organizations using LangChain should review their deployed versions and apply the available mitigations. The advisory gives no specific compliance deadline, but prompt action to patch or update the framework is recommended to prevent information disclosure.

What to do next

  1. Update LangChain to version 1.2.22 or later
  2. Implement available security mitigations for LangChain
  3. Review system logs for signs of exploitation

Source document (simplified)

[WID-SEC-2026-0896] LangChain: Vulnerability allows information disclosure

  • CVSS Base Score: 7.5 (high)
  • CVSS Temporal Score: 6.7 (medium)
  • Remote attack: yes
  • Date: 26.03.2026
  • Last updated: 27.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

LangChain is an open-source framework that facilitates the development of applications with large language models (LLMs).

Products

26.03.2026
- Open Source LangChain <1.2.22

Attack

A remote, anonymous attacker can exploit a vulnerability in LangChain to disclose information.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 26th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive
Document ID: WID-SEC-2026-0896

Who this affects

Applies to: Technology companies
Industry sector: 5112 Software & Technology
Activity scope: Software Development, Information Disclosure
Geographic scope: Germany (DE)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy, Software Development
