CVE-2026-25528 MEDIUM

CVE-2026-25528: LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

Vendor Langchain-Ai

Product langsmith-sdk

Weakness CWE-918 · SSRF

Published February 9, 2026

Last update February 10, 2026

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. When using distributed tracing, the SDK parses incoming HTTP headers via RunTree.from_headers() in Python or RunTree.fromHeaders() in Typescript. The baggage header can contain replica configurations including api_url and api_key fields. Prior to the fix, these attacker-controlled values were accepted without validation. When a traced operation completes, the SDK's post() and patch() methods send run data to all configured replica URLs, including any injected by an attacker. This vulnerability is fixed in version 0.6.3 of the Python SDK and 0.4.6 of the JavaScript SDK.

Key dates

02Disclosure timeline

February 9, 2026 CVE published

February 10, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-25528 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

CVE-2026-25528: LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

01Description

02Disclosure timeline

03References

04Related CVE