Nixpkgs security tracker
Published
Permalink
CVE-2026-41488
3.1 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.
References
Affected products
langchain-openai
- ==< 1.1.14
Matching in nixpkgs
pkgs.python312Packages.langchain-openai
None
pkgs.python313Packages.langchain-openai
Integration package connecting OpenAI and LangChain
pkgs.python314Packages.langchain-openai
Integration package connecting OpenAI and LangChain
Package maintainers
-
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
-
@sarahec Sarah Clark <seclark@nextquestion.net>