QwikSec

Security Database

CVE

CWE

Training

CVE-2025-65106

Published: Nov 21, 2025

Modified: Nov 21, 2025

PUBLISHED

Description

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.

Vendor	Product	Versions
langchain-ai	langchain	affected `>= 1.0.0, < 1.0.7` affected `< 0.3.80`

Weaknesses (CWE)

References

https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f

x_refsource_CONFIRM

https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a

x_refsource_MISC

https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.