Critical LangSmith Vulnerability Allows Account Takeover


Jennifer sherman
March 18, 2026

Key Takeaways

  • A critical vulnerability, CVE-2026-25750, was discovered in LangSmith, a platform for monitoring large language model data.
  • The flaw could enable account takeover and token theft due to an insecure API configuration that failed to validate the baseUrl parameter.
  • Successful exploitation could expose sensitive AI trace histories, proprietary source code, financial data, customer information, and AI model system prompts.
  • LangChain has issued a patch, implementing a strict allowed origins policy to validate API base URLs.
  • Cloud users are already protected, while self-hosted administrators must update to LangSmith version 0.12.71 or Helm chart langsmith-0.12.33 or later.

Cybersecurity researchers at Miggo Security have uncovered a severe vulnerability in LangSmith, an essential platform for debugging and monitoring large language model (LLM) data. Designated as CVE-2026-25750, this critical flaw could allow attackers to steal user tokens and achieve complete account takeover, posing significant risks to enterprise AI environments that process billions of events daily.

Table of Contents

  • Key Takeaways
  • Technical Breakdown of the Vulnerability
  • The Account Takeover Attack Chain
  • Broader Implications of an AI Platform Compromise
  • Mitigation and Updates
  • What You Should Do

Technical Breakdown of the Vulnerability

The core of the vulnerability lies within LangSmith Studio’s API configuration, specifically its handling of the baseUrl parameter. This parameter is designed to offer developers flexibility, enabling their frontend applications to retrieve data from various backend APIs. However, prior to the patch, the system implicitly trusted the input provided via this parameter without performing crucial validation of the destination domain.

This absence of validation created a critical security loophole. An authenticated LangSmith user who visited a malicious website or clicked a specially crafted link containing an attacker-controlled base URL could inadvertently direct their browser to send API requests and active session credentials to a hostile server. This silent redirection bypasses the need for traditional phishing, where users manually input their credentials.

The Account Takeover Attack Chain

The exploitation process for this vulnerability does not rely on users actively submitting credentials. Instead, it leverages the victim’s existing authenticated session. The attack unfolds when an authenticated victim navigates to a malicious webpage or a legitimate site compromised with malicious JavaScript. This script then forces the victim’s browser to load a manipulated LangSmith Studio URL, which points to an attacker-controlled server.

As a result, the victim’s browser unknowingly transmits its active session credentials to the malicious domain rather than the legitimate LangSmith server. The attacker can then intercept this session token. Miggo researchers noted that the attacker has a five-minute window to hijack the account before the session token automatically expires.

[Figure: end-to-end flow of the Account Takeover attack (Source: Miggo)]

Broader Implications of an AI Platform Compromise

An account takeover within an AI observability platform like LangSmith carries unique and potentially far-reaching consequences beyond typical unauthorized access. Attackers who gain control of a LangSmith account can access detailed AI trace histories, which often contain raw execution data crucial for debugging.

Successful exploitation could expose highly sensitive information, including raw data returned from internal databases, proprietary source code, confidential financial records, or private customer data. Furthermore, threat actors could steal system prompts, which are integral to defining the proprietary behavior and intellectual property embedded within an organization’s AI models. Attackers could also modify project settings or delete critical observability workflows, disrupting operations and putting intellectual property at risk.

Mitigation and Updates

LangChain has addressed the vulnerability by implementing a stringent allowed origins policy, as detailed in a report by Miggo. The platform now mandates that domains must be explicitly pre-configured as trusted origins within account settings before they can be accepted as an API base URL. Any requests originating from unauthorized base URLs are automatically blocked.

According to the official LangSmith Security Advisory, published on January 7, 2026, there is currently no evidence of this vulnerability being actively exploited in the wild. Cloud customers of LangSmith are already protected, as the vulnerability was fully resolved on the LangSmith Cloud platform by December 15, 2025. However, administrators managing self-hosted LangSmith deployments must take immediate action to secure their environments.

What You Should Do

  • For Self-Hosted LangSmith Administrators: Immediately upgrade your deployments to LangSmith version 0.12.71, or Helm chart langsmith-0.12.33, or later versions.
  • For Cloud LangSmith Users: No immediate action is required, as the LangSmith Cloud platform was patched by December 15, 2025.
  • Implement General Security Best Practices: Encourage users to exercise caution when clicking on unfamiliar links or visiting untrusted websites, even though this attack does not require manual credential entry.
  • Monitor for Suspicious Activity: Regularly review audit logs and activity within your LangSmith accounts for any unusual or unauthorized changes.
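The allowed-origins policy described under Mitigation and the monitoring step above can be sketched as follows. This is an added example, not LangChain's code: it contrasts implicit trust in a supplied base URL with an exact-origin allowlist check, and reuses that check to flag logged URLs. The hostnames, the trusted-origin list, the function names and the assumption that baseUrl travels in the query string are all constructed for illustration.

```javascript
// Added example: allowlist check for a client-supplied API base URL.
// TRUSTED_ORIGINS and every hostname below are constructed placeholders.
const TRUSTED_ORIGINS = new Set([
  "https://api.langsmith.example",
  "https://langsmith.internal.example:8443",
]);

// Pre-patch behaviour as the article describes it: the value is used as-is.
function resolveBaseUrlUnchecked(baseUrl) {
  return baseUrl;
}

// Hardened form: parse first, then compare the exact origin
// (scheme + host + port) against the pre-configured list.
function resolveBaseUrl(baseUrl, trusted = TRUSTED_ORIGINS) {
  let url;
  try {
    url = new URL(baseUrl); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;     // no downgrade, no non-web schemes
  if (url.username || url.password) return null;  // reject embedded userinfo
  if (!trusted.has(url.origin)) return null;      // exact match, never substring or suffix
  return url.origin + url.pathname.replace(/\/+$/, "");
}

// Triage helper: given URLs taken from web proxy or referrer logs, return those
// whose baseUrl query parameter the policy above would reject.
// Assumption: the parameter is carried in the query string under the name "baseUrl".
function flagUntrustedBaseUrls(loggedUrls, trusted = TRUSTED_ORIGINS) {
  return loggedUrls.filter((raw) => {
    let candidate;
    try {
      candidate = new URL(raw).searchParams.get("baseUrl");
    } catch {
      return false; // not a URL, nothing to inspect
    }
    return candidate !== null && resolveBaseUrl(candidate, trusted) === null;
  });
}
```

Comparing the parsed origin, rather than testing whether the string starts with or contains a trusted hostname, is what makes look-alike hosts and userinfo-prefixed URLs fail the check.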
