GHSA-F4XH-W4CJ-QXQ8: Arbitrary Server-Side File Read in LangSmith SDK TracingMiddleware
Vulnerability ID: GHSA-F4XH-W4CJ-QXQ8
CVSS Score: 7.7
Published: 2026-06-19
The LangSmith Python SDK TracingMiddleware is vulnerable to an arbitrary server-side file read. Due to origin validation and type confusion flaws, external inputs parsed from distributed tracing headers bypass local filesystem read protections, allowing remote attackers to silently exfiltrate arbitrary server files to the telemetry dashboard.
TL;DR
Type confusion bypasses filesystem safeguards in LangSmith SDK TracingMiddleware, allowing remote attackers to silently exfiltrate server files to the telemetry dashboard.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-843, CWE-346, CWE-22
- Attack Vector: Network
- CVSS Score: 7.7
- Exploit Status: PoC Available
- Impact: Arbitrary File Read & Exfiltration
Affected Systems
- LangSmith Python SDK (langsmith)
-
langsmith: < 0.8.18 (Fixed in:
0.8.18)
Exploit Details
- GitHub Security Advisory: Exploitation steps and proof of concept logic provided in the advisory and regression tests.
Mitigation Strategies
- Upgrade the langsmith SDK to version 0.8.18 or greater.
- Restrict public HTTP access to tracing endpoints.
- Audit and restrict permissions within the LangSmith workspace.
Remediation Steps:
- Check current version: pip show langsmith
- Run update command: pip install --upgrade langsmith>=0.8.18
- Verify installation and restart application processes.
References
Read the full report for GHSA-F4XH-W4CJ-QXQ8 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)