CVE-2026-41481 | langchain-ai langchain-text-splitters up to 1.1.1 HTMLHeaderTextSplitter.split_text_from_url server-side request forgery (GHSA-fv5p-p927-qmxr)

Inserito da Angelo Barbosa | Apr 25, 2026 | CVE

A vulnerability described as critical has been identified in langchain-ai langchain-text-splitters up to 1.1.1. The affected element is the function HTMLHeaderTextSplitter.split_text_from_url. The manipulation results in server-side request forgery.

This vulnerability is cataloged as CVE-2026-41481. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.

CVE-2026-41481 | langchain-ai langchain-text-splitters up to 1.1.1 HTMLHeaderTextSplitter.split_text_from_url server-side request forgery (GHSA-fv5p-p927-qmxr)

Post correlati

CVE-2024-36575 | getsetprop 1.1.0 global.accessor prototype pollution

CVE-2024-3999 | EazyDocs Plugin up to 2.4.x on WordPress Setting cross site scripting

CVE-2025-15203 | SohuTV CacheCloud up to 3.2.0 ResourceController.java index cross site scripting (Issue 375)

CVE-2025-22949 | Tenda AC9 15.03.05.19 /goform/SetSambaCfg command injection