CVE-2026-41488
3.1 LOW
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @LeSuisse
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.
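The check-then-fetch window described above, as an added example that is not code from langchain-openai or from the advisory. The names `RebindingResolver`, `vulnerable_fetch`, `hardened_fetch`, `demo` and the hostname `img.attacker.example` are hypothetical, and the resolver is a constructed stand-in for DNS that answers a public address on the first lookup and loopback on the next. The vulnerable path validates and then re-resolves, which is the pattern the advisory describes; the hardened path resolves once, validates every returned address, and connects to the address it validated.

```python
import ipaddress
from collections import deque
from typing import Callable, Dict, List
from urllib.parse import urlsplit

# Constructed example, not langchain-openai's code. All names are hypothetical.


def is_public_ip(ip_text: str) -> bool:
    """True only for addresses an SSRF filter should allow: rejects loopback,
    private (RFC 1918 / ULA), link-local (incl. 169.254.169.254), multicast,
    reserved and unspecified. IPv4-mapped IPv6 is unwrapped so that
    ::ffff:127.0.0.1 cannot slip past the check."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


class RebindingResolver:
    """Stand-in for DNS so the example runs offline. Answers for a host are
    served in order and the last one repeats: a rebinding attacker publishes
    a public address with a near-zero TTL, then switches to a private one."""

    def __init__(self, answers: Dict[str, List[List[str]]]) -> None:
        self._answers = {host: deque(seq) for host, seq in answers.items()}

    def resolve(self, host: str) -> List[str]:
        queue = self._answers[host]
        ips = queue[0] if len(queue) == 1 else queue.popleft()
        return list(ips)


# (ip, host_header) -> the address actually contacted; a real client would
# open the TCP connection here.
Connect = Callable[[str, str], str]


def vulnerable_fetch(url: str, dns: RebindingResolver, connect: Connect) -> str:
    """Check-then-fetch with two independent lookups, the shape of the bug
    described in the advisory: the validator resolves once, the HTTP client
    resolves again, and the second answer is whatever the attacker serves."""
    host = urlsplit(url).hostname
    if not all(is_public_ip(ip) for ip in dns.resolve(host)):  # check
        raise ValueError(f"refusing non-public host {host}")
    ip = dns.resolve(host)[0]                                  # use: fresh lookup
    return connect(ip, host)


def hardened_fetch(url: str, dns: RebindingResolver, connect: Connect) -> str:
    """Resolve exactly once, validate every returned address, then connect to
    the validated address itself while keeping the original hostname in the
    Host header, so no second lookup can change the destination."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    if parts.hostname is None:
        raise ValueError("URL has no host")
    ips = dns.resolve(parts.hostname)
    bad = [ip for ip in ips if not is_public_ip(ip)]
    if bad:
        raise ValueError(f"refusing non-public address(es) {bad} for {parts.hostname}")
    return connect(ips[0], parts.hostname)  # pinned: the address we checked


def demo() -> Dict[str, object]:
    """Run both fetchers against a constructed rebinding scenario: the
    attacker's name answers with a public address first, then loopback."""
    url = "http://img.attacker.example/cat.png"
    answers = {"img.attacker.example": [["93.184.216.34"], ["127.0.0.1"]]}
    reached: List[str] = []

    def connect(ip: str, host: str) -> str:
        reached.append(ip)
        return ip

    vulnerable = vulnerable_fetch(url, RebindingResolver(answers), connect)
    hardened = hardened_fetch(url, RebindingResolver(answers), connect)

    # Once the name has flipped to 127.0.0.1 the hardened path refuses outright.
    flipped = RebindingResolver({"img.attacker.example": [["127.0.0.1"]]})
    try:
        hardened_fetch(url, flipped, connect)
        rejected_after_rebind = False
    except ValueError:
        rejected_after_rebind = True

    return {"vulnerable_reached": vulnerable, "hardened_reached": hardened,
            "rejected_after_rebind": rejected_after_rebind,
            "all_connections": reached}


if __name__ == "__main__":
    print(demo())
```

With a real HTTP client, pinning means opening the socket to the validated IP and sending the original hostname in the Host header (and, for HTTPS, using it for SNI and certificate hostname verification). Redirects are fresh lookups, so either disable them or re-run the check on every hop. This shows one way to close the window; the change that actually shipped in langchain-openai 1.1.14 is not reproduced here.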
Affected products
langchain-openai
- < 1.1.14
Matching in nixpkgs
pkgs.python312Packages.langchain-openai
Integration package connecting OpenAI and LangChain
pkgs.python313Packages.langchain-openai
Integration package connecting OpenAI and LangChain
pkgs.python314Packages.langchain-openai
Integration package connecting OpenAI and LangChain
Package maintainers
- @sarahec Sarah Clark <seclark@nextquestion.net>
- @natsukium Tomoya Otabi <nixpkgs@natsukium.com>