{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T08:24:00.659","vulnerabilities":[{"cve":{"id":"CVE-2026-25528","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T21:15:48.857","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. When using distributed tracing, the SDK parses incoming HTTP headers via RunTree.from_headers() in Python or RunTree.fromHeaders() in Typescript. The baggage header can contain replica configurations including api_url and api_key fields. Prior to the fix, these attacker-controlled values were accepted without validation. When a traced operation completes, the SDK's post() and patch() methods send run data to all configured replica URLs, including any injected by an attacker. This vulnerability is fixed in version 0.6.3 of the Python SDK and  0.4.6 of the JavaScript SDK."},{"lang":"es","value":"Los SDKs del cliente de LangSmith proporcionan SDKs para interactuar con la plataforma LangSmith. La característica de trazado distribuido del SDK de LangSmith es vulnerable a la falsificación de petición del lado del servidor a través de encabezados HTTP maliciosos. Un atacante puede inyectar valores arbitrarios de api_url a través del encabezado 'baggage', haciendo que el SDK exfiltre datos de traza sensibles a puntos finales controlados por el atacante. Al usar el trazado distribuido, el SDK analiza los encabezados HTTP entrantes a través de RunTree.from_headers() en Python o RunTree.fromHeaders() en Typescript. El encabezado 'baggage' puede contener configuraciones de réplica, incluyendo los campos api_url y api_key. Antes de la corrección, estos valores controlados por el atacante eran aceptados sin validación. Cuando una operación trazada se completa, los métodos post() y patch() del SDK envían datos de ejecución a todas las URLs de réplica configuradas, incluyendo cualquiera inyectada por un atacante. Esta vulnerabilidad está corregida en la versión 0.6.3 del SDK de Python y 0.4.6 del SDK de JavaScript."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-v34v-rq6j-cj6p","source":"security-advisories@github.com"}]}}]}