{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27795", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-24T02:31:33.265Z", "datePublished": "2026-02-25T17:30:01.106Z", "dateUpdated": "2026-02-25T18:42:52.277Z"}, "containers": {"cna": {"title": "LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg"}, {"name": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7"}, {"name": "https://github.com/langchain-ai/langchainjs/pull/9990", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchainjs/pull/9990"}, {"name": "https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee"}, {"name": "https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d"}, {"name": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14"}, {"name": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18", "tags": ["x_refsource_MISC"], "url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18"}], "affected": [{"vendor": "langchain-ai", "product": "langchainjs", "versions": [{"version": "< 1.1.18", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T17:30:01.106Z"}, "descriptions": [{"lang": "en", "value": "LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to `@langchain/community` 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating `Location` targets before following them. In this version, automatic redirects are disabled (`redirect: \"manual\"`), each 3xx `Location` is resolved and validated with `validateSafeUrl()` before the next request, and a maximum redirect limit prevents infinite loops."}], "source": {"advisory": "GHSA-mphv-75cg-56wg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T18:42:34.609541Z", "id": "CVE-2026-27795", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T18:42:52.277Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27795", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T18:42:34.609541Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T18:42:46.808Z"}}], "cna": {"title": "LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader", "source": {"advisory": "GHSA-mphv-75cg-56wg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "langchain-ai", "product": "langchainjs", "versions": [{"status": "affected", "version": "< 1.1.18"}]}], "references": [{"url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg", "name": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7", "name": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langchain-ai/langchainjs/pull/9990", "name": "https://github.com/langchain-ai/langchainjs/pull/9990", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee", "name": "https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d", "name": "https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14", "name": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18", "name": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to `@langchain/community` 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating `Location` targets before following them. In this version, automatic redirects are disabled (`redirect: \"manual\"`), each 3xx `Location` is resolved and validated with `validateSafeUrl()` before the next request, and a maximum redirect limit prevents infinite loops."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T17:30:01.106Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27795", "state": "PUBLISHED", "dateUpdated": "2026-02-25T18:42:52.277Z", "dateReserved": "2026-02-24T02:31:33.265Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T17:30:01.106Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:langchain:langchain_community:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "82E0218B-5EC7-4779-9F3F-FF40F63DEA54", "versionEndExcluding": "1.1.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to `@langchain/community` 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating `Location` targets before following them. In this version, automatic redirects are disabled (`redirect: \"manual\"`), each 3xx `Location` is resolved and validated with `validateSafeUrl()` before the next request, and a maximum redirect limit prevents infinite loops."}, {"lang": "es", "value": "LangChain es un framework para construir aplicaciones impulsadas por LLM. Antes de la versi\u00f3n 1.1.8, existe una omisi\u00f3n de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) basada en redirecci\u00f3n en `RecursiveUrlLoader` en `@langchain/community`. El cargador valida la URL inicial, pero permite que la recuperaci\u00f3n subyacente siga las redirecciones autom\u00e1ticamente, lo que permite una transici\u00f3n de una URL p\u00fablica segura a un endpoint interno o de metadatos sin revalidaci\u00f3n. Esto es una omisi\u00f3n de las protecciones de SSRF introducidas en 1.1.14 (CVE-2026-26019). Los usuarios deben actualizar a `@langchain/community` 1.1.18, que valida cada salto de redirecci\u00f3n deshabilitando las redirecciones autom\u00e1ticas y revalidando los objetivos de `Location` antes de seguirlos. En esta versi\u00f3n, las redirecciones autom\u00e1ticas est\u00e1n deshabilitadas (`redirect: 'manual'`), cada `Location` 3xx se resuelve y valida con `validateSafeUrl()` antes de la siguiente petici\u00f3n, y un l\u00edmite m\u00e1ximo de redirecciones evita bucles infinitos."}], "id": "CVE-2026-27795", "lastModified": "2026-04-13T14:15:35.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-25T18:23:41.153", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/langchain-ai/langchainjs/pull/9990"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18"}, {"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "langchain-core: @langchain/community: Server-Side Request Forgery (SSRF) bypass via redirect manipulation", "id": "2442693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442693"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-918", "details": ["No description is available for this CVE."], "name": "CVE-2026-27795", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Fix deferred", "package_name": "openshift-lightspeed/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/de-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/de-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/de-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/ee-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/ee-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ansible-dev-tools-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/de-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/de-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/de-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ee-cloud-services-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ee-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ee-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-chatbot-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/ansible-dev-tools-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/de-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/de-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/lightspeed-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/mcp-tools-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/platform-resource-runner-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform/ee-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-llama-stack-core-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-trustyai-ragas-lls-provider-dsp-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-02-25T17:30:01Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-27795\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27795\nhttps://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee\nhttps://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d\nhttps://github.com/langchain-ai/langchainjs/pull/9990\nhttps://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14\nhttps://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18\nhttps://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7\nhttps://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg"], "statement": "This vulnerability is rated MODERATE and affects Red Hat products that use the `@langchain/community` package, specifically the `RecursiveUrlLoader`. A redirect chaining flaw allows a Server-Side Request Forgery (SSRF) bypass, enabling redirection from a validated public URL to an internal or metadata endpoint without revalidation. This could expose internal resources.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.18)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "langchainjs", "source": "cna", "vendor": "langchain-ai"}, "product": "langchainjs", "vendor": "langchain-ai"}], "analysis": {"en": {"generated_at": "2026-04-17T15:04:13.492670+00:00", "value": {"mitigation_remediation": ["Upgrade @langchain/community to version 1.1.18 or later, which disables automatic redirects and re\u2011validates each Location target before following it.", "Verify that the application no longer uses older versions of RecursiveUrlLoader and that redirect options are set to \"manual\" if the loader is customized.", "If an upgrade cannot be performed immediately, restrict outbound traffic from the application or filter URLs to prevent redirects to internal networks, ensuring that any redirect chains are blocked or sufficiently validated by custom application logic."], "summary": {"action": "Immediate Upgrade", "impact": "SSRF Bypass via Redirect Chaining"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the LangChain Community package (langchain-ai:langchainjs) for Node.js. Versions prior to 1.1.8 are impacted. The fix was implemented in version 1.1.18, which validates every redirect target, disables automatic redirects, and enforces a strict redirect limit.", "description_and_impact": "A redirect-based Server\u2011Side Request Forgery bypass exists in the RecursiveUrlLoader component of @langchain/community. The loader authenticates the initial URL but allows the underlying fetch call to follow HTTP redirects automatically without re\u2011validating each hop. This flaw enables a malicious actor to start from a seemingly safe public URL and be redirected to unsecured internal or metadata endpoints, potentially exposing sensitive data or internal services. The weakness is classified as CWE\u2011918.", "risk_and_exploitability": "The severity is assessed with a CVSS score of 4.1, indicating moderate risk. The EPSS score is less than 1%, suggesting a low likelihood of exploitation at this time. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is inferred to be application\u2011controlled HTTP requests that invoke RecursiveUrlLoader, allowing an attacker to supply crafted URLs or manipulate redirects to reach internal services."}}}}, "created": "2026-02-26T13:15:13.726637+00:00", "updated": "2026-04-17T15:15:21.822147+00:00", "vendors": ["langchain-ai", "langchain-ai$PRODUCT$langchainjs"]}