LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

Description

A redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation.

Recommendation

Update the @langchain/community package to the latest compatible version. Followings are version details:

• Affected version(s): <= 1.1.17
• Patched version(s): 1.1.18

References

• GHSA-mphv-75cg-56wg
• CVE-2026-27795
• CWE-918
• CAPEC-310
• OWASP 2021-A10
• OWASP 2021-A6

Related Issues

• @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation - CVE-2026-26019
• Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration - CVE-2026-45715
• nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect) - CVE-2026-44589
• Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4) - CVE-2026-41321

You might also like:

Apache and Express Path Traversal plus Nginx Restriction Bypass Tests with SmartScanner

CSRF, XXE, and 12 Other Security Acronyms Explained

Update Cheat Sheet for Developers

Tags:

npm

@langchain/community