LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary. This vulnerability is fixed in 0.8.18.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 06 Jul 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Langchain-ai
Langchain-ai langsmith-sdk |
|
| Vendors & Products |
Langchain-ai
Langchain-ai langsmith-sdk |
Mon, 06 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary. This vulnerability is fixed in 0.8.18. | |
| Title | Arbitrary server-side file read in LangSmith SDK TracingMiddleware | |
| Weaknesses | CWE-22 CWE-346 CWE-843 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-06T14:26:55.765Z
Reserved: 2026-07-02T16:50:27.886Z
Link: CVE-2026-59152
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-06T16:30:03Z