CVE-2026-44843 HIGH

CVE-2026-44843: LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists

Vendor Langchain-Ai
Product langchain
Weakness CWE-502 · Unsafe deserialization
Published May 26, 2026
Last update May 27, 2026

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

Description

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call `load()` with `allowed_objects="all"`. This does not enable arbitrary Python object deserialization, but it does allow any trusted LangChain-serializable object to be revived, which is broader than these runtime paths require. As a result, attacker-supplied LangChain serialized constructor dictionaries may cause trusted runtime paths to instantiate classes with untrusted constructor arguments. This vulnerability is fixed in 0.3.85 and 1.3.3.

Key dates

Disclosure timeline

May 26, 2026 CVE published
May 27, 2026 Record updated
