CVE-2026-41182
Output Redaction Bypass in LangSmith JavaScript and Python SDKs
Publication date: 2026-04-23
Last updated on: 2026-04-23
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langsmith | javascript_sdk | up to 0.5.19 (exclusive) |
| langsmith | python_sdk | up to 0.7.31 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability causes sensitive streamed output data to bypass redaction controls and be stored in the LangSmith platform, potentially exposing private or confidential information.
Such exposure of sensitive information can undermine compliance with common data protection standards and regulations like GDPR and HIPAA, which require the protection of personal and confidential data from unauthorized access.
Because the vulnerability allows unauthorized actors to access sensitive streamed output that should have been redacted, it increases the risk of data breaches and non-compliance with privacy and security requirements mandated by these regulations.
Can you explain this vulnerability to me?
CVE-2026-41182 is a vulnerability in the LangSmith SDKs for JavaScript and Python where the output redaction controls do not apply to streaming token events generated during large language model (LLM) runs.
When an LLM produces streaming output, each chunk is emitted as a `new_token` event containing the raw token value. These events bypass the redaction pipeline because the redaction functions only process the `inputs` and `outputs` fields, ignoring the `events` array where these token events reside.
As a result, sensitive information that should be redacted can leak through the stored streaming events, undermining privacy protections. This issue affects JavaScript SDK versions prior to 0.5.19 and Python SDK versions prior to 0.7.31.
How can this vulnerability impact me?
This vulnerability can lead to the unintended exposure of sensitive or confidential information that is streamed as output from large language model runs.
Because the streaming token events bypass redaction, applications relying on the SDK's redaction controls may inadvertently store raw token data containing sensitive content.
Unauthorized actors could access this leaked information, potentially compromising privacy and confidentiality.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the versions of the LangSmith SDKs in use and by monitoring the stored run events for unredacted streaming token data.
Specifically, check if your JavaScript SDK version is 0.5.18 or lower, or your Python SDK version is 0.7.30 or lower, as these versions are vulnerable.
To detect unredacted streaming token events, examine the stored run events for `new_token` events whose raw token values were never passed through redaction.
Suggested commands include:
- For JavaScript SDK version check: `npm list langsmith` or check your package.json dependencies.
- For Python SDK version check: `pip show langsmith` or `pip list | grep langsmith`.
- To inspect logs or stored run events, search your logging or database system for `new_token` events, for example with `grep 'new_token' <logfile>` on Linux systems, and review whether the token values they carry contain data your redaction rules should have removed.
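The following added example (not LangSmith's code, and not the SDK's actual redaction implementation or run schema) illustrates both the explanation above and the detection step: a redactor that only walks `inputs`/`outputs` leaves streamed tokens under `events` untouched, a hardened variant also walks the `events` array, and a scan joins each run's `new_token` values and flags runs whose stored stream still matches a secret pattern. The run and event shapes, the `sk-...` secret pattern and the sample run are all constructed assumptions.

```python
import copy
import re

# Constructed, hypothetical secret format used for the demonstration.
SECRET_RE = re.compile(r"sk-[A-Za-z0-9]{8,}")
REDACTED = "[REDACTED]"


def redact_value(value):
    """Recursively replace secret-looking strings inside nested dict/list values."""
    if isinstance(value, str):
        return SECRET_RE.sub(REDACTED, value)
    if isinstance(value, dict):
        return {k: redact_value(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact_value(v) for v in value]
    return value


def redact_run_vulnerable(run):
    """The pattern the advisory describes: only inputs and outputs are redacted.

    Anything stored under run["events"] (the streamed tokens) is left as-is.
    """
    run = copy.deepcopy(run)
    for field in ("inputs", "outputs"):
        if field in run:
            run[field] = redact_value(run[field])
    return run


def redact_run_hardened(run):
    """Also walks the events array so new_token events go through redaction."""
    run = redact_run_vulnerable(run)
    run["events"] = [redact_value(ev) for ev in run.get("events", [])]
    return run


def streamed_text(run):
    """Join the token values of a run's new_token events, in stored order."""
    return "".join(
        ev.get("kwargs", {}).get("token", "")
        for ev in run.get("events", [])
        if ev.get("name") == "new_token"
    )


def find_leaked_streams(runs):
    """Detection: ids of stored runs whose streamed tokens still contain a secret.

    Tokens are joined before matching so a value split across chunks is not missed.
    """
    return [run["id"] for run in runs if SECRET_RE.search(streamed_text(run))]


# Constructed sample run; the event shape is an assumption, not the SDK's schema.
SAMPLE_RUN = {
    "id": "run-1",
    "inputs": {"prompt": "What is my key?"},
    "outputs": {"answer": "Your key is sk-ABCDEFGH1234"},
    "events": [
        {"name": "new_token", "kwargs": {"token": "Your key is "}},
        {"name": "new_token", "kwargs": {"token": "sk-ABCDEFGH1234"}},
    ],
}

if __name__ == "__main__":
    # Vulnerable pattern: outputs are clean, but the stream still leaks.
    print(find_leaked_streams([redact_run_vulnerable(SAMPLE_RUN)]))  # ['run-1']
    # Hardened pattern: events were redacted too, nothing to flag.
    print(find_leaked_streams([redact_run_hardened(SAMPLE_RUN)]))   # []
```

The scan deliberately concatenates each run's tokens before matching: streamed chunks are typically short, so a pattern-based check applied to one chunk at a time can miss a value that spans several chunks, and the same limitation applies to per-event redaction, which is why the detection side should not assume that per-chunk rules caught everything.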
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the LangSmith SDKs to the fixed versions.
- Upgrade the JavaScript SDK to version 0.5.19 or later.
- Upgrade the Python SDK to version 0.7.31 or later.
These versions include fixes that ensure the output redaction controls apply properly to streaming token events, preventing sensitive streamed content from leaking.