Description

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.

INFO

Published Date :

2025-11-21T21:43:02.461Z

Last Modified :

2025-11-21T21:53:19.566Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65106 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65106.

URL Resource
https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a cve-icon cve-icon
https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00 cve-icon cve-icon
https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability