BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

LangChain ‘LangGrinch’ Flaw Lets Attackers Steal Secrets Now

Critical LangChain Core serialization injection (CVE-2025-68664) can expose secrets and enable prompt/Jinja2-based code execution — update to 1.2.5/0.3.81.

  • LangChain Core contains a critical serialization injection flaw (CVE-2025-68664, CVSS 9.3) that can expose secrets and enable prompt injection.
  • The bug stems from improper escaping of dictionaries with “lc” keys during serialization and deserialization in the library’s dump/load functions.
  • Patches restrict allowed deserialized objects, disable automatic secret loading, and block Jinja2 templates by default; affected versions should be updated immediately.

LangChain Core, the Python core package for LangChain, contains a critical vulnerability disclosed in December 2025 that can let attackers extract secrets and influence LLM outputs. Security researcher Yarden Porat reported the issue on December 4, 2025; it is tracked as CVE-2025-68664 with a CVSS score of 9.3 and nicknamed LangGrinch. See the LangChain Core reference and the 1.2.5 package details.

- Advertisement -

The maintainers said the flaw is a problem in the library’s serialization functions, noting that “A serialization injection vulnerability exists in LangChain’s dumps() and dumpd() functions” in their advisory. A serialization injection vulnerability is when an attacker supplies specially crafted serialized data that is interpreted as executable or structured objects during deserialization.

The code fails to escape user-controlled dictionaries that include an “lc” key, which the framework uses internally to mark serialized objects. According to Porat, that lets an attacker cause the system to instantiate unsafe objects when content with an “lc” key is serialized and later deserialized.

Potential outcomes include extraction of environment secrets when deserialization runs with the previous default secrets_from_env=True, instantiation of classes in trusted namespaces (such as langchain_core, langchain, and langchain_community), and possible arbitrary code execution via Jinja2 templates. The escaping bug also enables injection through LLM output fields like metadata, additional_kwargs, or response_metadata.

The patch adds an allowlist parameter “allowed_objects” to restrict deserialized classes, blocks Jinja2 templates by default, and sets secrets_from_env to False. Affected langchain-core versions are >= 1.0.0, < 1.2.5 (fixed in 1.2.5) and < 0.3.81 (fixed in 0.3.81).

- Advertisement -

A related serialization injection issue affects LangChain.js and carries CVE-2025-68665 (CVSS 8.6); see the advisory for affected npm package versions and fixes. Users are advised to update to patched releases as soon as possible.

“The most common attack vector is through LLM response fields like additional_kwargs or response_metadata, which can be controlled via prompt injection and then serialized/deserialized in streaming operations,” Porat said in his write-up.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Must Read

9 DePIN Programs For Passive Income

Here’s something most people don’t realize: your smartphone and PC can generate passive income with almost no effort.I’m not talking about clicking ads for...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading