Product

Langsmith

1 brief RSS

LangSmith SDK Untrusted Manifest Deserialization Vulnerability

The LangSmith SDK is vulnerable to untrusted manifest deserialization when pulling public prompts via `pull_prompt`, potentially leading to SSRF, prompt injection, or sensitive data exposure; CVE-2026-45134.

langsmith +2 deserialization ssrf prompt-injection

2r 3t 59m ago