LangChain path traversal bug raises AI pipeline risks
🛡️ Cyera researchers warn that insufficient input validation in AI orchestration tools can expose sensitive enterprise data. A newly disclosed path traversal flaw in LangChain (CVE-2026-34070) lets crafted input resolve paths outside intended directories and read arbitrary host files. Cyera analyzed that alongside an earlier unsafe deserialization issue (CVE-2025-68664) and a SQL injection affecting LangGraph checkpointing (CVE-2025-67644), showing how each flaw maps to distinct data exposures. Maintainers have released fixes; organizations should apply patches and adopt allowlists, sandboxing, safe deserialization practices, and parameterized queries immediately.
