AI Threat Alert AI Threat Alert

CVE-2026-41488

LOW
Published April 24, 2026

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with...

Full CISO analysis pending enrichment.

Severity & Risk

CVSS 3.1
3.1 / 10
EPSS
0.0%
chance of exploitation in 30 days
Higher than 8% of all CVEs
Source: EPSS v3 — FIRST.org
Exploitation Status
No known exploitation
Sophistication
N/A

Attack Surface

AV AC PR UI S C I A
AV Network
AC High
PR None
UI Required
S Unchanged
C Low
I None
A None

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-41488?

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.

Is CVE-2026-41488 actively exploited?

No confirmed active exploitation of CVE-2026-41488 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-41488?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-41488?

CVE-2026-41488 has a CVSS v3.1 base score of 3.1 (LOW). The EPSS exploitation probability is 0.03%.

Technical Details

NVD Description

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.

Weaknesses (CWE)

CWE-918 Primary

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

Timeline

Published
April 24, 2026
Last Modified
April 24, 2026
First Seen
April 24, 2026
Back to Threat Feed