Topic
#cve
3 articles exploring cve. Expert insights and analysis from our editorial team.
Articles
Security
LangChain CVE-2026-34070: load_prompt Path Traversal Patched in 1.2.22, Symlink Bypass Left Open
LangChain CVE-2026-34070 (CVSS 7.5) enables arbitrary file reads via load_prompt traversal; langchain-core 1.2.22 patches direct traversal but leaves a symlink bypass open.
Security
March–April MCP CVEs Expose the Local-Host Trust Model in AI Agent Frameworks
Three CVEs scoring up to 9.8 reveal a structural flaw: MCP's local-host trust model lacks authentication primitives for networked multi-tenant deployments.
Security
Marimo's CVE-2026-39987 Pre-Auth RCE Puts AI Notebooks on the Same CVE Treadmill as Inference Servers
CVE-2026-39987 skipped auth on Marimo's /terminal/ws, handing any caller a root PTY shell (CVSS 9.3) — exploited in the wild just 9h 41m after the advisory.