CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation...

Description

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.26%

17.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-1336

Affected Software

Vendor	Product	Versions
Langchain	Langchain Core	< 0.3.84
Langchain	Langchain Core	>= 1.0.0, < 1.2.28

References

https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27bPatch
https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258Patch
https://github.com/langchain-ai/langchain/pull/36612Issue Tracking, Patch
https://github.com/langchain-ai/langchain/pull/36613Issue Tracking, Patch
https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84Product, Release Notes
https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28Product, Release Notes
https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhwMitigation, Vendor Advisory

Timeline

Published: Apr 9, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-40087?

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and subsequently evaluate those expressions during formatting. Second, f-string validation based on parsed top-level field names did not reject nested replacement fields inside format specifiers. In this pattern, the nested replacement field appears in the format specifier rather than in the top-level field name. As a result, earlier validation based on parsed field names did not reject the template even though Python formatting would still attempt to resolve the nested expression at runtime. This vulnerability is fixed in 0.3.84 and 1.2.28.

How severe is CVE-2026-40087?

CVE-2026-40087 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.26% probability of exploitation in the next 30 days.

How do I fix CVE-2026-40087?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.