<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Langchain on CuraSec</title><link>https://curasec.metacog.co.kr/tags/langchain/</link><description>Recent content in Langchain on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 11:56:34 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/langchain/index.xml" rel="self" type="application/rss+xml"/><item><title>LangChain Core Critical RCE – CVE-2025-68664 PoC Public</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-critical-vulnerability-in-langchain-cve-2025-68664/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-critical-vulnerability-in-langchain-cve-2025-68664/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Act:&lt;/strong> A public PoC exists for this critical langchain-core flaw, making exploitation practical for any AI pipeline that processes untrusted input; audit Python environments and upgrade langchain-core to the patched release immediately.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Plan:&lt;/strong> No active exploitation campaign observed (EPSS 0.14, not KEV-listed), but the public PoC warrants building detections for anomalous subprocess or file-system activity spawned from LangChain worker processes before exploitation picks up.&lt;/li>
&lt;li>&lt;strong>Leader — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>Signals:&lt;/strong> CVE-2025-68664 — CISA KEV: not listed, EPSS 0.14, public PoC on GitHub&lt;/li>
&lt;/ul></description></item></channel></rss>