CVE-2026-41488 | langchain-ai langchain-openai up to 1.1.13 DNS Resolution _url_to_size server-side request forgery (GHSA-r7w7-9xr2-qq2r)

Inserito da Angelo Barbosa | Apr 25, 2026 | CVE

A vulnerability labeled as critical has been found in langchain-ai langchain-openai up to 1.1.13. This issue affects the function _url_to_size of the component DNS Resolution Handler. Executing a manipulation can lead to server-side request forgery.

This vulnerability is tracked as CVE-2026-41488. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-41488 | langchain-ai langchain-openai up to 1.1.13 DNS Resolution _url_to_size server-side request forgery (GHSA-r7w7-9xr2-qq2r)

Post correlati

CVE-2025-4745 | code-projects Employee Record System 1.0 current_employees.php employeed_id/first_name/middle_name/last_name cross site scripting

CVE-2025-10116 | SiempreCMS up to 1.3.6 file_upload.php unrestricted upload

CVE-2025-4291 | IdeaCMS up to 1.6 saveUpload unrestricted upload (IC32SB)

CVE-2025-21724 | Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 iova_bitmap_offset_to_index out-of-bounds