Description
LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to @langchain/community 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating Location targets before following them. In this version, automatic redirects are disabled (redirect: "manual"), each 3xx Location is resolved and validated with validateSafeUrl() before the next request, and a maximum redirect limit prevents infinite loops.
A flaw was found in @langchain/community. The RecursiveUrlLoader component, which is responsible for loading URLs, fails to revalidate URLs after following redirects. This allows an attacker to bypass existing Server-Side Request Forgery (SSRF) protections by initially providing a safe public URL that then redirects to an internal or sensitive metadata endpoint. This could lead to unauthorized information disclosure or access to internal network resources.
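The per-hop pattern the fix describes (manual redirects, every resolved `Location` validated before the next request, a hop limit) is shown below as an added JavaScript example; this is not code from `@langchain/community`, and its `validateSafeUrl()` is a simplified stand-in for the library's function, not its actual implementation.

```javascript
// Added example, not @langchain/community's own code. validateSafeUrl() here
// is a simplified literal-address check; it does not resolve DNS names, so a
// public hostname that resolves to an internal address is not caught by it.
const PRIVATE_V4 = [
  /^10\./, /^127\./, /^169\.254\./, /^192\.168\./, /^0\./,
  /^172\.(1[6-9]|2\d|3[01])\./,
];

// Reject non-http(s) schemes and literal loopback, link-local (the cloud
// metadata range 169.254.0.0/16) and RFC 1918 hosts. Returns the parsed URL.
function validateSafeUrl(urlString) {
  const url = new URL(urlString);
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`unsafe scheme: ${url.protocol}`);
  }
  // URL.hostname keeps brackets around IPv6 literals; strip them for matching.
  const host = url.hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost") ||
      host === "::1" || host === "0.0.0.0") {
    throw new Error(`unsafe host: ${host}`);
  }
  if (PRIVATE_V4.some((re) => re.test(host))) {
    throw new Error(`private or link-local address: ${host}`);
  }
  return url;
}

// For a 3xx response, resolve Location against the current URL (it may be
// relative) and validate the result BEFORE it is fetched. Null = not a redirect.
function nextHop(currentUrl, status, location) {
  if (status < 300 || status > 399 || !location) return null;
  return validateSafeUrl(new URL(location, currentUrl).href).href;
}

// Manual redirect loop. fetchFn is expected to behave like the global fetch;
// redirect: "manual" makes it return the 3xx instead of following it itself.
async function fetchWithValidatedRedirects(startUrl, fetchFn = globalThis.fetch,
                                           maxRedirects = 5) {
  let url = validateSafeUrl(startUrl).href;
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const res = await fetchFn(url, { redirect: "manual" });
    const next = nextHop(url, res.status, res.headers.get("location"));
    if (next === null) return res;
    url = next;
  }
  throw new Error(`exceeded ${maxRedirects} redirects`);
}
```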
Report
This vulnerability is rated MODERATE and affects Red Hat products that use the @langchain/community package, specifically the RecursiveUrlLoader. A redirect chaining flaw allows a Server-Side Request Forgery (SSRF) bypass, enabling redirection from a validated public URL to an internal or metadata endpoint without revalidation. This could expose internal resources.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-service-api-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-supported-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-supported-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/lightspeed-rhel8 | Fix deferred | | |
Source links
Additional information
EPSS
6.5 Medium
CVSS3
Related vulnerabilities
LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader