{"id":"CVE-2026-45134","summary":"LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning","details":"The LangSmith Client SDKs are libraries for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that affect runtime behavior. When pulling a public prompt by owner/name identifier, the manifest content is controlled by an external party, but prior versions of the SDK did not distinguish this from pulling a prompt within the caller's own organization, so the externally controlled manifest was deserialized without any trust-boundary warning. This vulnerability is fixed in LangSmith SDK Python 0.8.0 and JS/TS 0.6.0.","aliases":["GHSA-3644-q5cj-c5c7"],"modified":"2026-06-18T03:57:09.241892981Z","published":"2026-05-27T19:35:32.662Z","related":["CGA-m9mv-hv49-vw59"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-502"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45134.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45134.json"},{"type":"ADVISORY","url":"https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-3644-q5cj-c5c7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45134"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/langchain-ai/langsmith-sdk","events":[{"introduced":"0"},{"fixed":"cf01c873d50f2f50249f1975b8d443a546168a85"},{"fixed":"71b71893b45953b9f339bc62a8037469da4fc914"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.8.0"},{"fixed":"0.6.0"}],"source":"AFFECTED_FIELD"}}],"versions":["v0.7.38","v0.7.37","v0.7.36","v0.7.35","v0.7.34","v0.7.33","v0.7.32","v0.7.31","v0.7.30","v0.7.29"
,"v0.7.28","v0.7.27","v0.7.26","v0.7.25","v0.7.24","v0.7.23","v0.7.22","v0.7.21","v0.7.20","v0.7.19","v0.7.18","v0.7.17","v0.7.16","v0.7.15","v0.7.14","v0.7.13","v0.7.12","v0.7.11","v0.7.10","v0.7.9","v0.7.8","v0.7.7","v0.7.6","v0.7.5","v0.7.3","v0.7.4","v0.7.2","v0.7.1","v0.6.8","v0.7.0","v0.6.9","v0.6.7","v0.6.6","v0.6.5","v0.6.4","v0.6.1","v0.6.0","v0.5.2","v0.5.1","v0.5.0","v0.4.60","v0.4.59","v0.4.58","v0.4.57","v0.4.56","v0.4.55","v0.4.54","v0.4.53","v0.4.52","v0.4.51","v0.4.50","v0.4.49","v0.4.48","v0.4.47","v0.4.46","v0.4.45","v0.4.44","v0.4.43","v0.4.42","v0.4.41","v0.4.40","v0.4.39","v0.4.38","v0.4.37","v0.4.36","v0.4.35","v0.4.34","v0.4.33","v0.4.32","v0.4.31","v0.4.30","v0.4.29","v0.4.28","v0.4.27","v0.4.26","v0.4.25","v0.4.24","v0.4.23","v0.4.22","v0.4.21","v0.4.20","v0.4.19","v0.4.18","v0.4.17","v0.4.16","v0.4.15","v0.4.14","v0.4.13","v0.4.12","v0.4.11","v0.4.10","v0.4.9","v0.4.8","v0.4.7","v0.4.6","v0.4.5","v0.4.4","v0.4.3","v0.4.2","v0.4.1","v0.4.0","v0.3.45","v0.3.44","v0.3.43","v0.3.42","v0.3.41","v0.3.40","v0.3.39","v0.3.38","v0.3.37","v0.3.36","v0.3.35","v0.3.34","v0.3.33","v0.3.32","v0.3.31","v0.3.30","v0.3.29","v0.3.28","v0.3.27","v0.3.26","v0.3.25","v0.3.24","v0.3.23","v0.3.22","v0.3.21","v0.3.20","v0.3.19","v0.3.18","v0.3.17","v0.3.16","v0.3.15","v0.3.14","v0.3.13","v0.3.12","v0.3.11","v0.3.10","v0.3.9","v0.3.8","v0.3.7","v0.3.6","v0.3.5","v0.3.4","v0.3.3","v0.3.2","v0.3.1rc1","v0.3.1","v0.3.0","v0.2.11rc15","v0.2.11rc14","v0.2.11rc9","v0.2.11rc13","v0.2.11rc12","v0.2.11rc11","v0.2.11rc10","v0.2.11","v0.2.11rc8","v0.2.11rc7","v0.2.11rc6","v0.2.11rc5","v0.2.11rc4","v0.2.11rc3","v0.2.11rc2","v0.2.11rc1","v0.2.10","v0.2.9","v0.2.8","v0.2.7","v0.2.6","v0.2.5","v0.2.4","langsmith-pyo3==0.1.0rc5","v0.2.3","v0.2.2","langsmith-pyo3==0.1.0rc4","langsmith-pyo3==0.1.0rc3","v0.2.1","v0.2.0","v0.1.147","langsmith-pyo3==0.1.0rc2","langsmith-pyo3==0.1.0rc1","v0.1.146","v0.1.145","v0.1.144","v0.1.144rc1","v0.1.143","v0.1.142","v0.1.141","v0.1.140","v0.1.139"
,"v0.1.139rc2","v0.1.139rc1","v0.1.138","v0.1.138rc2","v0.1.138rc1","v0.1.137","v0.1.136","v0.1.135","v0.1.134","v0.1.133","v0.1.132","v0.1.131","v0.1.130","v0.1.129","v0.1.128","v0.1.127","v0.1.126","v0.1.125","v0.1.124","v0.1.123","v0.1.122","v0.1.121","v0.1.120","v0.1.119","v0.1.118","v0.1.117","v0.1.116","v0.1.115","v0.1.114","v0.1.113","v0.1.112","v0.1.111","v0.1.110","v0.1.109","v0.1.108","v0.1.107","v0.1.106","v0.1.105","v0.1.104","v0.1.103","v0.1.102","v0.1.101","v0.1.100","v0.1.99","v0.1.98","v0.1.97","v0.1.96","v0.1.95","v0.1.94","v0.1.93","v0.1.92","v0.1.91","v0.1.90","v0.1.88","v0.1.89","v0.1.87","v0.1.86","v0.1.85","v0.1.84","v0.1.83","v0.1.82","v0.1.81","v0.1.80","v0.1.79","v0.1.78","v0.1.77","v0.1.76","v0.1.75","v0.1.74","v0.1.73","v0.1.72","v0.1.71","v0.1.70","v0.1.69","v0.1.68","v0.1.67","v0.1.66","v0.1.65","v0.1.64","v0.1.63","v0.1.62","v0.1.61","v0.1.60","v0.1.59","v0.1.58","v0.1.57","v0.1.56","v0.1.55","v0.1.53","v0.1.54","v0.1.52","v0.1.51","v0.1.50","v0.1.49","v0.1.48","v0.1.47","v0.1.46","v0.1.45","v0.1.44","v0.1.42","v0.1.40","v0.1.39","v0.1.38","v0.1.37","v0.1.36","v0.1.34","v0.1.33","v0.1.31","v0.1.30","v0.1.29","v0.1.28","v0.1.27","v0.1.26","v0.1.25","v0.1.24","v0.1.23","v0.1.22","v0.1.21","v0.1.20","v0.1.19","v0.1.18","v0.1.17","v0.1.16","v0.1.15","v0.1.14","v0.1.13","v0.1.12","v0.1.11","v0.1.10","v0.1.9","v0.1.8","v0.1.7","v0.1.6","v0.1.5","v0.1.4","v0.1.3","v0.1.2","v0.1.1","v0.1.0","v0.0.92","v0.0.91","v0.0.90","v0.0.89","v0.0.88","v0.0.87","v0.0.86","v0.0.85","v0.0.84","v0.0.83","v0.0.82","v0.0.81","v0.0.80","v0.0.79","v0.0.78","v0.0.77","v0.0.76","v0.0.75","v0.0.74","v0.0.73","v0.0.72","v0.0.71","v0.0.70","v0.0.69","v0.0.68","v0.0.67","v0.0.66","v0.0.65","v0.0.64","v0.0.63","v0.0.62","v0.0.61","v0.0.60","v0.0.59","v0.0.58","v0.0.57","v0.0.56","v0.0.55","v0.0.54","v0.0.47","v0.0.53","v0.0.52","v0.0.51","v0.0.50","v0.0.49","v0.0.48","v0.0.46","v0.0.45","v0.0.44","v0.0.43","v0.0.42","v0.0.41","v0.0.40","v0.0.39","v0.0.38","v0.0.37","v0.
0.36","v0.0.35","v0.0.34","v0.0.33","v0.0.32","v0.0.31","v0.0.30","v0.0.29","v0.0.28","v0.0.27","v0.0.26","v0.0.25","v0.0.24","v0.0.23","v0.0.22","v0.0.21","v0.0.20","v0.0.19","v0.0.18","v","v0.0.17","v0.0.16","v0.0.15","v0.0.14","v0.0.13","v0.0.12","v0.0.11","v0.0.10","v0.0.9","v0.0.8","v0.0.7","v0.0.6","v0.0.5","v0.0.4","v0.0.3","v0.0.2","v0.0.1-rc4","v0.0.1-rc3","v0.0.1-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45134.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}]}