CVE-2026-26013

Description

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. This vulnerability is fixed in 1.2.11.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

langchain-ai / langchain< 1.2.11 – < 1.2.11

References

VENDOR_ADVISORYhttps://github.com/langchain-ai/langchain/security/advisories/GHSA-2g6r-c272-w58r
PATCHhttps://github.com/langchain-ai/langchain/commit/2b4b1dc29a833d4053deba4c2b77a3848c834565
PATCHhttps://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.11