CVE-2026-25528
中文标题:
(暂无数据)
英文标题:
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
漏洞描述
中文描述:
(暂无数据)
英文描述:
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. When using distributed tracing, the SDK parses incoming HTTP headers via RunTree.from_headers() in Python or RunTree.fromHeaders() in Typescript. The baggage header can contain replica configurations including api_url and api_key fields. Prior to the fix, these attacker-controlled values were accepted without validation. When a traced operation completes, the SDK's post() and patch() methods send run data to all configured replica URLs, including any injected by an attacker. This vulnerability is fixed in version 0.6.3 of the Python SDK and 0.4.6 of the JavaScript SDK.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| langchain-ai | langsmith-sdk | >= 0.4.10, <0.6.3 | - | - |
cpe:2.3:a:langchain-ai:langsmith-sdk:>=_0.4.10,_<0.6.3:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2026-25528 |
2026-02-10 03:20:01 | 2026-02-09 22:00:04 |
| NVD | nvd_CVE-2026-25528 |
2026-02-10 02:00:05 | 2026-02-09 22:00:06 |
版本与语言
安全公告
变更历史
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']