CuraSec

tag: Langchain · 1 items

2026-07-12 · HN (cve) · source ↗ #langchain#cve#supply-chain
  • Engineer — Act: A public PoC exists for this critical langchain-core flaw, making exploitation practical for any AI pipeline that processes untrusted input; audit Python environments and upgrade langchain-core to the patched release immediately.
  • SOC/IR — Plan: No active exploitation campaign observed (EPSS 0.14, not KEV-listed), but the public PoC warrants building detections for anomalous subprocess or file-system activity spawned from LangChain worker processes before exploitation picks up.
  • Leader — Skip
  • Signals: CVE-2025-68664 — CISA KEV: not listed, EPSS 0.14, public PoC on GitHub