LangChain Core security patch release (CVE-2025-68664)
Security Patch Release
Summary
Hide ▲
Show ▼
LangChain released a security patch for langchain-core that reduces the risk of secret theft and prompt injection from CVE-2025-68664. The fix adds an allowed_objects allowlist to `load()` and `loads()`, blocks Jinja2 templates by default, and sets `secrets_from_env` to False. Users are advised to move to 1.2.5 or 0.3.81 as soon as possible.
Related Happenings
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
First: 22.05.2026 08:36
Last: 22.05.2026 08:36
Sources 1
About this happening:
Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch ReleaseAbout this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch ReleaseAbout this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
CPanel security patch release for CVE-2026-29201
Security Patch Release
First: 09.05.2026 10:16
Last: 09.05.2026 10:16
Sources 1
About this happening:
**cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
CPanel security patch release for CVE-2026-29201
Security Patch ReleaseAbout this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
First: 30.04.2026 16:54
Last: 30.04.2026 16:54
Sources 1
About this happening:
**Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch ReleaseAbout this happening: **Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
Timeline
-
26.12.2025 11:27 2 articles · 5mo ago
LangChain Core patch release for CVE-2025-68664
Mitigation Patch UpdateLangChain released a security patch for langchain-core that adds an `allowed_objects` allowlist to `load()` and `loads()`, blocks Jinja2 templates by default, and sets `secrets_from_env` to `False` to reduce serialization-injection risk from CVE-2025-68664. The affected langchain-core ranges are `>= 1.0.0, < 1.2.5` and `< 0.3.81`, with fixes available in `1.2.5` and `0.3.81`.
Show sources
- Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection — thehackernews.com — 26.12.2025 11:27
- Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection — thehackernews.com — 26.12.2025 11:27