Langchain Community SSRF Vulnerability Exposes Internal Services

Langchain Community SSRF Vulnerability Exposes Internal Services

First seen 17 Feb 2026, 08:10 UTC GbhackersCybersecuritynewsCyberpressPurple-Ops 79% similarity 31.9

Article Content

Browse articles
ThreatCluster

A Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2026-26019, has been discovered in the langchain/community package, affecting versions up to 1.1.13. This flaw has a moderate severity rating and can potentially expose sensitive cloud metadata and internal infrastructure due to its origin in the RecursiveUrlLoader class, which performs recursive web crawling.

ThreatCluster AI

Timeline

2026-02-17
CVE-2026-26019 published
2026-02-17
Vulnerability identified in langchain/community package
Recent
Details about the flaw and its impact released

Community

Browse all →