CVE-2026-25750
URL Parameter Injection in LangSmith Studio Enables Token Theft
Publication date: 2026-03-04
Last updated on: 2026-03-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langchain | langsmith | to 0.12.71 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Langchain Helm Charts prior to version 0.12.71, specifically in LangSmith Studio. It is a URL parameter injection flaw that allows attackers to gain unauthorized access to user accounts by stealing authentication tokens.
When an authenticated LangSmith user clicks on a specially crafted malicious link, their bearer token, user ID, and workspace ID are sent to an attacker-controlled server. With this stolen token, the attacker can impersonate the user and access any resources or perform any actions the user is authorized to within their workspace.
The attack requires social engineering techniques such as phishing or malicious links in emails or chat applications to trick users into clicking the crafted URL.
The stolen tokens expire after 5 minutes, but repeated attacks are possible if the user is repeatedly convinced to click malicious links.
The vulnerability was fixed in version 0.12.71 by implementing validation that requires user-defined allowed origins for the baseUrl parameter, preventing tokens from being sent to unauthorized servers.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to your LangSmith account and workspace resources.
An attacker who steals your authentication token can impersonate you and perform any actions you are authorized to perform within your workspace.
This could result in data exposure, unauthorized changes, or misuse of your LangSmith resources.
Repeated attacks are possible if attackers can convince you multiple times to click malicious links.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Langchain Helm Charts to version 0.12.71 or later, which includes a fix that validates user-defined allowed origins for the baseUrl parameter, preventing tokens from being sent to unauthorized servers.
Self-hosted customers must apply this upgrade as no known workarounds are available.