CVE-2026-26019

low-risk

Published 2026-02-11

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option (enabled by default) is intended to restrict crawling to the same site as the base URL. The implementation used String.startsWith() to compare URLs, which does not perform semantic URL validation. An attacker who controls content on a crawled page could include links to domains that share a string prefix with the target, causing the crawler to follow links to attacker-controlled or internal infrastructure. Additionally, the crawler performed no validation against private or reserved IP addresses. A crawled page could include links targeting cloud metadata services, localhost, or RFC 1918 addresses, and the crawler would fetch them without restriction. This vulnerability is fixed in 1.1.14.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Langchain Community

Affected Vendors

Langchain

References (4)

Patch https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f...

Issue Tracking https://github.com/langchain-ai/langchainjs/pull/9990

Release Notes https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunit...

Vendor Advisory https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4...

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal