CVE-2026-44843: One Chat Message Steals Your Credentials. Then It Gets Worse!
CVE-2026-44843: LangChain Vulnerability Allows Credential Theft and Prompt Manipulation
• CVE-2026-44843 is a vulnerability in LangChain's framework plumbing, specifically the tracer component, that allows an attacker to gain admin access to a victim's LangSmith workspace.
• The exploit chain begins with a single chat message containing a specially crafted payload, which is then deserialized by the LangChain tracer.
• This payload can trigger the instantiation of classes like HubRunnable, which makes outbound network requests and can exfiltrate LangSmith API keys from the server's environment.
• The stolen API key grants attackers write access to production prompts, allowing them to silently modify prompts and control the AI application's behavior.
• The vulnerability was patched in langchain-core versions 1.3.3 and 0.3.85, and users are advised to upgrade to prevent exploitation.