CVE-2026-44843
Analyzed Analyzed - Analysis Complete
Deserialization Flaw in LangChain Framework

Publication date: 2026-05-26

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load() with allowed_objects="all". This does not enable arbitrary Python object deserialization, but it does allow any trusted LangChain-serializable object to be revived, which is broader than these runtime paths require. As a result, attacker-supplied LangChain serialized constructor dictionaries may cause trusted runtime paths to instantiate classes with untrusted constructor arguments. This vulnerability is fixed in 0.3.85 and 1.3.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-29
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-44843
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
langchain langchain to 0.3.85 (exc)
langchain langchain From 1.0.0 (inc) to 1.3.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in LangChain versions prior to 0.3.85 and 1.3.3. It involves older runtime code paths that deserialize inputs, outputs, or other payloads using overly broad object allowlists. Specifically, these paths may call a load() function with allowed_objects set to "all", which allows any trusted LangChain-serializable object to be revived.

While this does not enable arbitrary Python object deserialization, it does allow attacker-supplied serialized constructor dictionaries to cause trusted runtime paths to instantiate classes with untrusted constructor arguments. This means an attacker can influence the creation of objects in a way that was not intended, potentially leading to unexpected behavior.

The vulnerability is fixed in LangChain versions 0.3.85 and 1.3.3.

Impact Analysis

This vulnerability can impact you by allowing an attacker to supply specially crafted serialized data that causes the application to instantiate classes with untrusted constructor arguments. This can lead to unintended behavior within the application, potentially compromising the integrity of the runtime environment.

According to the CVSS score of 8.2, the vulnerability has a high severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. It can cause high confidentiality impact and low integrity impact, but no availability impact.

Mitigation Strategies

To mitigate this vulnerability, upgrade LangChain to version 0.3.85 or 1.3.3 or later, where the issue with overly broad object allowlists in deserialization paths has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44843. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart