CVE-2026-41182
Awaiting Analysis Awaiting Analysis - Queue
Output Redaction Bypass in LangSmith JavaScript and Python SDKs

Publication date: 2026-04-23

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a new_token event containing the raw token value. These events bypass the redaction pipeline entirely β€” prepareRunCreateOrUpdateInputs (JS) and _hide_run_outputs (Python) only process the inputs and outputs fields on a run, never the events array. As a result, applications relying on output redaction to prevent sensitive LLM output from being stored in LangSmith will still leak the full streamed content via run events. Version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK fix the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-23
Last Modified
2026-05-29
Generated
2026-06-16
AI Q&A
2026-04-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41182
EUVD
EUVD-2026-25152
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
langsmith javascript_sdk to 0.5.19 (exc)
langsmith python_sdk to 0.7.31 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
CWE-359 The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-41182 is a vulnerability in the LangSmith SDKs for JavaScript and Python where the output redaction controls do not apply to streaming token events generated during large language model (LLM) runs.

When an LLM produces streaming output, each chunk is emitted as a new_token event containing the raw token value. These events bypass the redaction pipeline because the redaction functions only process the inputs and outputs fields, ignoring the events array where these token events reside.

As a result, sensitive information that should be redacted can leak through the stored streaming events, undermining privacy protections. This issue affects JavaScript SDK versions prior to 0.5.19 and Python SDK versions prior to 0.7.31.

Compliance Impact

This vulnerability causes sensitive streamed output data to bypass redaction controls and be stored in the LangSmith platform, potentially exposing private or confidential information.

Such exposure of sensitive information can undermine compliance with common data protection standards and regulations like GDPR and HIPAA, which require the protection of personal and confidential data from unauthorized access.

Because the vulnerability allows unauthorized actors to access sensitive streamed output that should have been redacted, it increases the risk of data breaches and non-compliance with privacy and security requirements mandated by these regulations.

Impact Analysis

This vulnerability can lead to the unintended exposure of sensitive or confidential information that is streamed as output from large language model runs.

Because the streaming token events bypass redaction, applications relying on the SDK's redaction controls may inadvertently store raw token data containing sensitive content.

Unauthorized actors could access this leaked information, potentially compromising privacy and confidentiality.

Detection Guidance

This vulnerability can be detected by inspecting the versions of the LangSmith SDKs in use and by monitoring the stored run events for unredacted streaming token data.

Specifically, check if your JavaScript SDK version is 0.5.18 or lower, or your Python SDK version is 0.7.30 or lower, as these versions are vulnerable.

To detect unredacted streaming token events, you can examine the run event logs for the presence of 'new_token' events containing raw token values that bypass redaction.

Suggested commands include:

  • For JavaScript SDK version check: `npm list langsmith` or check your package.json dependencies.
  • For Python SDK version check: `pip show langsmith` or `pip list | grep langsmith`.
  • To inspect logs or stored run events, use commands or queries that search for 'new_token' events in your logging or database system, for example, using `grep 'new_token' <logfile>` on Linux systems.
Mitigation Strategies

The immediate mitigation step is to upgrade the LangSmith SDKs to the fixed versions.

  • Upgrade the JavaScript SDK to version 0.5.19 or later.
  • Upgrade the Python SDK to version 0.7.31 or later.

These versions include fixes that ensure the output redaction controls apply properly to streaming token events, preventing sensitive streamed content from leaking.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41182. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart