{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40190", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-09T20:59:17.620Z", "datePublished": "2026-04-10T19:47:57.642Z", "dateUpdated": "2026-04-13T16:13:45.532Z"}, "containers": {"cna": {"title": "LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`", "problemTypes": [{"descriptions": [{"cweId": "CWE-1321", "lang": "en", "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252"}], "affected": [{"vendor": "langchain-ai", "product": "langsmith-sdk", "versions": [{"version": "< 0.5.18", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T19:47:57.642Z"}, "descriptions": [{"lang": "en", "value": "LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in its internally vendored lodash set() utility. The baseAssignValue() function only guards against the __proto__ key, but fails to prevent traversal via constructor.prototype. This allows an attacker who controls keys in data processed by the createAnonymizer() API to pollute Object.prototype, affecting all objects in the Node.js process. This vulnerability is fixed in 0.5.18."}], "source": {"advisory": "GHSA-fw9q-39r9-c252", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T16:13:33.168377Z", "id": "CVE-2026-40190", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T16:13:45.532Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40190", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T16:13:33.168377Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T16:13:41.123Z"}}], "cna": {"title": "LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`", "source": {"advisory": "GHSA-fw9q-39r9-c252", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "langchain-ai", "product": "langsmith-sdk", "versions": [{"status": "affected", "version": "< 0.5.18"}]}], "references": [{"url": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252", "name": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in its internally vendored lodash set() utility. The baseAssignValue() function only guards against the __proto__ key, but fails to prevent traversal via constructor.prototype. This allows an attacker who controls keys in data processed by the createAnonymizer() API to pollute Object.prototype, affecting all objects in the Node.js process. This vulnerability is fixed in 0.5.18."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1321", "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T19:47:57.642Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40190", "state": "PUBLISHED", "dateUpdated": "2026-04-13T16:13:45.532Z", "dateReserved": "2026-04-09T20:59:17.620Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-10T19:47:57.642Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in its internally vendored lodash set() utility. The baseAssignValue() function only guards against the __proto__ key, but fails to prevent traversal via constructor.prototype. This allows an attacker who controls keys in data processed by the createAnonymizer() API to pollute Object.prototype, affecting all objects in the Node.js process. This vulnerability is fixed in 0.5.18."}], "id": "CVE-2026-40190", "lastModified": "2026-04-29T20:59:49.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-10T20:16:24.043", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.5.18)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "langsmith-sdk", "source": "cna", "vendor": "langchain-ai"}, "product": "langsmith-sdk", "vendor": "langchain-ai"}], "analysis": {"en": {"generated_at": "2026-04-10T22:21:37.411116+00:00", "value": {"mitigation_remediation": ["Upgrade the langsmith-sdk package to 0.5.18 or later.", "If an immediate upgrade is not possible, validate or sanitize all keys and values passed to createAnonymizer() to prevent prototype pollution."], "summary": {"action": "Apply Patch", "impact": "Prototype Pollution"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in the langchain\u2011ai:langsmith-sdk package for all releases prior to 0.5.18. Any Node.js application that imports that version and uses createAnonymizer() with data that may come from an external or untrusted source is affected. Versions 0.5.18 and newer incorporate the necessary fix.", "description_and_impact": "The langsmith-sdk for JavaScript/TypeScript contains an incomplete prototype\u2011pollution guard in its vendored lodash set() utility. The baseAssignValue() function only blocks the __proto__ key, but it does not prevent assignments to constructor.prototype. When attacker\u2011controlled data passes through the createAnonymizer() API, a key referencing constructor.prototype can modify Object.prototype, thereby affecting every object in the Node.js process. This flaw can alter application behavior, trigger logic errors, or enable the insertion of unintended properties.", "risk_and_exploitability": "The CVSS score of 5.6 indicates medium severity. Although the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, the risk remains significant because exploitation requires control over data delivered to createAnonymizer(). This is an inference based on the description. If an attacker can supply such data, they can alter Object.prototype and potentially manipulate application logic or data, making the impact potentially far\u2011reaching within the affected process."}}}}, "created": "2026-04-13T12:42:38.349797+00:00", "updated": "2026-04-13T12:57:25.809290+00:00", "vendors": ["langchain-ai", "langchain-ai$PRODUCT$langsmith-sdk"]}