LangSmith version 0.12.71 security update (CVE-2026-25750)
Security Patch Release
Summary
LangSmith released version 0.12.71 to fix CVE-2026-25750, a high-severity flaw that could enable token theft and account takeover. The update applies to both self-hosted and cloud deployments, closing exposure in a platform that handles sensitive AI trace data. Administrators should treat 0.12.71 as the corrective release for the baseUrl handling weakness.
Related Happenings
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
AWS Bedrock AgentCore Code Interpreter DNS exfiltration and covert C2 in Sandbox Mode
Technical Analysis
First: 16.03.2026 15:00
Last: 16.03.2026 15:00
Sources 1
How related:
In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells and bypass network isolation.
About this happening:
Researchers demonstrated **DNS-based exfiltration** and covert **C2** against **AWS Bedrock AgentCore Code Interpreter**, showing cloud AI code execution environments can still le...
Elementor Ally 4.1.0 security patch release (CVE-2026-2313)
Security Patch Release
First: 11.03.2026 21:38
Last: 11.03.2026 21:38
Sources 1
About this happening:
**Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...
Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch Release
First: 04.03.2026 21:12
Last: 04.03.2026 21:12
Sources 1
About this happening:
**Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...
Latest development: 20.03.2026 17:09
CISA ordered Federal Civilian Executive Branch (FCEB) agencies to apply security updates for CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco updated its bulletin on March 18 to warn of active exploitation in the wild. Amazon threat intelligence researchers said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day since the end of January, and Cisco said the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root on an affected device.
SolarWinds security patch release for CVE-2025-40538
Security Patch Release
First: 25.02.2026 09:04
Last: 25.02.2026 09:04
Sources 1
About this happening:
**SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...
Timeline
17.03.2026 18:39 2 articles · 2mo ago
LangSmith version 0.12.71 security update (CVE-2026-25750)
Initial Disclosure
In **December 2025**, LangSmith shipped **0.12.71** as the fix for **CVE-2026-25750**. The release applied to both **self-hosted** and **cloud** deployments.
- AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE — thehackernews.com — 17.03.2026 18:39