CVE-2025-9556

Published: Sep 12, 2025

Modified: Nov 3, 2025

PUBLISHED

Description

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a statement into a prompt to read the "etc/passwd" file.

Vendor	Product	Versions
Langchaingo	Langchaingo	affected `0.1.14`

References

https://github.com/tmc/langchaingo/security/advisories/GHSA-mgcj-g55g-rf6h

https://github.com/tmc/langchaingo/pull/1348

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-9556

Description

Affected Products

References