Langchain URL Parameter Injection Vulnerability in LangSmith Studio Allows Token Theft
Vulnerability
A URL parameter injection vulnerability has been identified in LangSmith Studio, affecting Langchain Helm Charts prior to version 0.12.71. Studio accepted a baseUrl parameter from the page URL and used it as the backend to which it sent authenticated requests, so an attacker could craft a link whose baseUrl pointed at a server they controlled. An authenticated user who clicked such a link would have their bearer token, user ID, and workspace ID sent to the attacker's server. With the stolen token, the attacker could impersonate the user and access any resource or perform any action the user was authorized for within their workspace. The issue affected both LangSmith Cloud and self-hosted deployments. Exploitation required social engineering: the victim had to click the malicious link. Stolen tokens expired after five minutes, but an attacker could obtain a fresh one each time the same user was persuaded to click again.
Impact
Exploitation of this vulnerability allowed for the theft of authentication tokens, enabling attackers to impersonate victims and access their LangSmith resources or perform actions within their workspace.
Remediation
LangSmith Cloud was patched as of December 20, 2025. Self-hosted customers must upgrade to Helm Chart version 0.12.71 or later. The fix requires operators to define the origins allowed for the baseUrl parameter; any value outside that allowlist is rejected, so tokens are no longer sent to unauthorized servers.
