high AI Issue
LangChain Core Path Traversal in Prompt Loading
| Field | Value |
|---|---|
| CVE | CVE-2026-34070 |
| Severity | high |
| Status | open |
| Date | March 20, 2026 |
| Affects | LangChain Core (Python) — all versions before 1.2.22 |
| Source | advisories.gitlab.com |
Details
Path traversal in legacy load_prompt functions allows access to arbitrary files on the server. Attackers can read sensitive configuration files, secrets, and credentials through crafted prompt templates. Fix: upgrade to 1.2.22+.
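A mitigation sketch for the traversal described above, added here as an example and not taken from LangChain or the advisory: it confines every file reference to one prompt directory before a loader opens it. The function names, the `*_path` key convention and the sample configs are assumptions for illustration.

```python
import tempfile
from pathlib import Path


class UnsafePromptPath(ValueError):
    """A prompt file reference resolves outside the allowed directory."""


def confine(base_dir, candidate):
    """Resolve candidate under base_dir; raise if the result leaves it."""
    base = Path(base_dir).resolve()
    # An absolute candidate replaces base in the join; resolve() collapses
    # ".." segments and follows symlinks, so all three cases are compared
    # against the real location of base.
    target = (base / candidate).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise UnsafePromptPath(f"{candidate!r} escapes {base}") from None
    return target


def check_config(base_dir, config):
    """Confine every string stored under a '*_path' key (assumed convention),
    walking nested dicts and lists; returns the resolved paths."""
    found = []
    if isinstance(config, dict):
        for key, value in config.items():
            if isinstance(value, str) and str(key).endswith("_path"):
                found.append(confine(base_dir, value))
            else:
                found.extend(check_config(base_dir, value))
    elif isinstance(config, list):
        for item in config:
            found.extend(check_config(base_dir, item))
    return found


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample layout
        prompts = Path(root) / "prompts"
        prompts.mkdir()
        (prompts / "greeting.txt").write_text("Hello {name}")
        samples = [{"template_path": "greeting.txt"},
                   {"template_path": "../secret.env"},
                   {"examples": [{"prefix_path": "/etc/hostname"}]}]
        for cfg in samples:
            try:
                print("ok     ", [p.name for p in check_config(prompts, cfg)])
            except UnsafePromptPath as exc:
                print("blocked", exc)
```

A check like this is defense in depth for code that passes file paths to prompt loaders; the fix stated in the advisory remains upgrading to 1.2.22+.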