DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-RR7J-V2Q5-CHGV: Streaming Token Redaction Bypass in LangSmith SDK

Vulnerability ID: GHSA-RR7J-V2Q5-CHGV
CVSS Score: 5.3
Published: 2026-04-16

Affected releases of the LangSmith SDK for Python and JavaScript/TypeScript do not apply the hide_outputs redaction setting to streaming token events. Token-by-token Large Language Model (LLM) output is therefore sent to the LangSmith backend in the clear even when the client is configured to hide outputs, exposing whatever the model generated for that run.

TL;DR

In affected versions, the LangSmith SDK's tracing pipeline applies hide_outputs to a run's final outputs but not to the streaming token events emitted while the model is generating. Applications that stream LLM output containing sensitive data therefore transmit it unredacted to LangSmith servers despite the active privacy setting.
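The shape of the flaw, as an added toy illustration that is not LangSmith SDK code: a tracer applies its hide_outputs policy when a run ends but has a separate streaming path that never consults it, beside a fixed tracer that pushes every outbound payload through the same redaction step. The TraceSink, the tracer classes, the mask_digits policy and the sample "Customer record" text are all constructed for this example; the two accepted shapes of hide_outputs (True, or a callable mapping the outputs dict to a redacted dict) mirror the SDK's option.

```python
"""Toy tracing pipeline, added here to illustrate the flaw's shape; it is not
LangSmith SDK code. A hide_outputs policy is applied to the run's final
outputs but skipped on the streaming-token path, beside a fixed tracer that
pushes every outbound payload through the same redaction step."""
import re
from dataclasses import dataclass, field
from typing import Callable, Union

# Same two shapes the SDK accepts for hide_outputs: True (drop outputs
# entirely) or a callable mapping the outputs dict to a redacted dict.
HideOutputs = Union[bool, Callable[[dict], dict]]

# Constructed sensitive model output for the demo.
SECRET = "SSN 123-45-6789"


@dataclass
class TraceSink:
    """Stand-in for the LangSmith backend: every payload that would leave the process."""
    sent: list = field(default_factory=list)

    def post(self, payload: dict) -> None:
        self.sent.append(payload)


class VulnerableTracer:
    """Redacts only in end_run; on_llm_new_token posts raw tokens (the reported flaw)."""

    def __init__(self, sink: TraceSink, hide_outputs: HideOutputs = False):
        self.sink = sink
        self.hide_outputs = hide_outputs

    def _redact(self, outputs: dict) -> dict:
        if self.hide_outputs is True:
            return {}
        if callable(self.hide_outputs):
            return self.hide_outputs(outputs)
        return outputs

    def on_llm_new_token(self, run_id: str, token: str) -> None:
        # BUG: the streaming path never consults hide_outputs.
        self.sink.post({"run_id": run_id, "name": "new_token", "kwargs": {"token": token}})

    def end_run(self, run_id: str, outputs: dict) -> None:
        self.sink.post({"run_id": run_id, "name": "end", "outputs": self._redact(outputs)})


class FixedTracer(VulnerableTracer):
    """Single egress policy: token events go through the same _redact as outputs."""

    def on_llm_new_token(self, run_id: str, token: str) -> None:
        # With hide_outputs=True this yields {} (event kept, text dropped);
        # with a callable it yields whatever the caller's policy returns.
        self.sink.post({"run_id": run_id, "name": "new_token",
                        "kwargs": self._redact({"token": token})})


def mask_digits(outputs: dict) -> dict:
    """Example callable policy: replace every digit in string values with '#'."""
    return {k: re.sub(r"\d", "#", v) if isinstance(v, str) else v
            for k, v in outputs.items()}


def stream_run(tracer: VulnerableTracer, text: str, run_id: str = "run-1") -> None:
    """Simulate an LLM streaming `text` one whitespace-delimited token at a time."""
    for tok in text.split(" "):
        tracer.on_llm_new_token(run_id, tok + " ")
    tracer.end_run(run_id, {"output": text})


def leaked_payloads(sink: TraceSink, needle: str) -> list:
    """Every posted payload whose serialized form still contains the raw secret."""
    return [p for p in sink.sent if needle in repr(p)]


def run_demo(tracer_cls, policy: HideOutputs) -> TraceSink:
    """Stream a record containing SECRET through `tracer_cls` under `policy`."""
    sink = TraceSink()
    stream_run(tracer_cls(sink, hide_outputs=policy), f"Customer record: {SECRET}")
    return sink


if __name__ == "__main__":
    for cls in (VulnerableTracer, FixedTracer):
        for policy in (True, mask_digits):
            n = len(leaked_payloads(run_demo(cls, policy), "123-45-6789"))
            label = getattr(policy, "__name__", str(policy))
            print(f"{cls.__name__:17s} policy={label:12s} leaked payloads: {n}")
```

Under both policies the vulnerable tracer leaks exactly one payload, the token event carrying the SSN, while its final outputs are correctly hidden or masked; the fixed tracer leaks none. The design point is that redaction belongs at the single place payloads leave the process, not in each event producer, so a new event type cannot forget to apply it.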


Technical Details

  • Vulnerability ID: GHSA-RR7J-V2Q5-CHGV
  • CVSS Score: 5.3 (Medium)
  • Attack Vector: Network
  • CWE-ID: CWE-212
  • Exploit Status: None (No Public PoC). No attacker interaction is needed: the data leaves during normal tracing of streamed runs, and the exposure is to whoever can read the LangSmith project that receives the traces.
  • KEV Status: Not Listed

Affected Systems

  • LangSmith SDK for Python
  • LangSmith SDK for JavaScript/TypeScript
  • langsmith (npm): < 0.5.19 (Fixed in: 0.5.19)
  • langsmith (PyPI): < 0.7.31 (Fixed in: 0.7.31)

Mitigation Strategies

  • Upgrade the LangSmith Python SDK via PyPI to a patched release.
  • Upgrade the LangSmith JavaScript/TypeScript SDK via npm to a patched release.
  • If patching is delayed, disable streaming on chains that handle high-sensitivity data, or disable tracing for those workloads altogether (for example by unsetting LANGSMITH_TRACING / LANGCHAIN_TRACING_V2); hide_outputs alone cannot be relied on for streamed tokens in affected versions.
  • Audit existing LangSmith projects for runs that streamed output while a vulnerable SDK version was in use, and treat any sensitive token text found in their events as already exposed to everyone with read access to the project.

Remediation Steps:

  1. Identify the current version of the LangSmith SDK using pip show langsmith or npm list langsmith.
  2. Update the package.json or requirements.txt to specify langsmith >= 0.5.19 (JS) or langsmith >= 0.7.31 (Python).
  3. Execute npm install or pip install --upgrade langsmith to apply the update.
  4. Restart the application services to ensure the newly loaded SDK library handles subsequent traces.
  5. Perform a test run with streaming enabled against a non-production project and confirm in the LangSmith run view that the streamed token entries are redacted (or absent) in the same way the final outputs are.
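A helper for the checklist above, added here and not part of the LangSmith SDK or of the original report: it gates on the fixed versions the advisory names and scans an exported list of runs for streamed token text that reached the backend despite output redaction. The export shape (each run carrying an "events" list whose new_token entries hold {"token": ..., "idx": ...} under "kwargs"), the CARD_PATTERN regex and the three sample runs are assumptions constructed for the demo; adapt the loader to whatever your export actually looks like.

```python
"""Added verification helper for the remediation steps above; it is not part
of the LangSmith SDK or of the original report. It gates on the fixed
versions named in the advisory and scans an exported run list for streamed
token text that reached the backend despite output redaction. The export
shape (a run's "events" list holding {"name": "new_token", "kwargs":
{"token": ..., "idx": ...}} entries) is an assumption for the demo."""
from __future__ import annotations

import json
import re
from importlib import metadata

# Fixed releases from the advisory, keyed by ecosystem.
FIXED = {"pypi": (0, 7, 31), "npm": (0, 5, 19)}

# Constructed sample pattern: a 16-digit card number spaced in groups of four.
CARD_PATTERN = re.compile(r"\b(?:\d{4} ){3}\d{4}\b")

# Constructed sample export. run-a streamed a card number although its
# outputs were hidden; run-b streamed harmless text with outputs redacted by
# a callable; run-c streamed nothing (what a patched client with
# hide_outputs=True should look like).
SAMPLE_EXPORT = json.dumps([
    {"id": "run-a", "outputs": {}, "events": [
        {"name": "start"},
        {"name": "new_token", "kwargs": {"token": "Card ", "idx": 0}},
        {"name": "new_token", "kwargs": {"token": "4111 1111 ", "idx": 1}},
        {"name": "new_token", "kwargs": {"token": "1111 1111", "idx": 2}},
        {"name": "end"}]},
    {"id": "run-b", "outputs": {"output": "[REDACTED]"}, "events": [
        {"name": "new_token", "kwargs": {"token": "hello ", "idx": 0}},
        {"name": "new_token", "kwargs": {"token": "world", "idx": 1}}]},
    {"id": "run-c", "outputs": {}, "events": [{"name": "start"}, {"name": "end"}]},
])


def parse_version(v: str) -> tuple[int, ...]:
    """Numeric prefix of a version string, e.g. '0.7.31rc1' -> (0, 7, 31)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x) for x in m.group(1).split("."))


def is_patched(ecosystem: str, version: str) -> bool:
    """True when `version` is at or above the advisory's fixed release."""
    return parse_version(version) >= FIXED[ecosystem]


def installed_python_version() -> str | None:
    """Version of the langsmith distribution in this interpreter, or None if absent."""
    try:
        return metadata.version("langsmith")
    except metadata.PackageNotFoundError:
        return None


def load_export(raw: str) -> list[dict]:
    return json.loads(raw)


def streamed_text(run: dict) -> str:
    """Reassemble the streamed output from a run's new_token events, in order.
    Secrets routinely span token boundaries, so scan the joined text rather
    than each token on its own."""
    tokens = [e for e in run.get("events", []) if e.get("name") == "new_token"]
    tokens.sort(key=lambda e: e.get("kwargs", {}).get("idx", 0))
    return "".join(e.get("kwargs", {}).get("token", "") for e in tokens)


def audit_runs(runs: list[dict], sensitive: re.Pattern[str]) -> list[dict]:
    """Flag runs whose streamed tokens reached the backend while outputs were
    hidden, or whose streamed text matches `sensitive` regardless of policy."""
    findings = []
    for run in runs:
        text = streamed_text(run)
        if not text:
            continue
        outputs_hidden = not run.get("outputs")
        matches = sensitive.findall(text)
        if outputs_hidden or matches:
            findings.append({"run_id": run.get("id"), "outputs_hidden": outputs_hidden,
                             "matches": matches, "streamed_chars": len(text)})
    return findings


if __name__ == "__main__":
    v = installed_python_version()
    state = "" if v is None else ("patched" if is_patched("pypi", v) else "VULNERABLE")
    print("langsmith (PyPI):", v or "not installed", state)
    for f in audit_runs(load_export(SAMPLE_EXPORT), CARD_PATTERN):
        print("finding:", f)
```

Note that no single token in run-a contains the full card number; only the reassembled stream does, which is why the audit joins a run's tokens before matching. The JavaScript/TypeScript side needs the same version gate with the npm threshold; `npm list langsmith` gives the string to feed to is_patched.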
