CVE-2026-26019
Web crawler SSRF vulnerability in @langchain/community (npm)
What is CVE-2026-26019 About?
This vulnerability is a Server-Side Request Forgery (SSRF) in the `RecursiveUrlLoader` web crawler due to inadequate URL validation, allowing it to follow attacker-controlled links outside its intended scope and access internal infrastructure. This can lead to sensitive information disclosure or internal network compromise, and is relatively easy to exploit by an attacker who can influence crawled content.
Affected Software
@langchain/community (npm), versions before 1.1.14 (fixed in 1.1.14).
Technical Details
The RecursiveUrlLoader in @langchain/community uses String.startsWith() for its preventOutside option, which is insufficient for semantic URL validation. This allows an attacker to craft URLs like https://example.com.attacker.com that bypass the startsWith check against https://example.com, causing the crawler to visit attacker-controlled domains. Furthermore, the crawler performs no validation against private or reserved IP addresses, enabling it to fetch content from cloud metadata services (e.g., 169.254.169.254), localhost, or RFC 1918 addresses if linked from a crawled page. This combination allows for both external redirection and internal network access/SSRF.
What is the Impact of CVE-2026-26019?
Successful exploitation may allow attackers to fetch sensitive cloud instance metadata, access internal services on private networks, connect to localhost services, and exfiltrate data via attacker-controlled redirect chains.
What is the Exploitability of CVE-2026-26019?
Exploitation requires an attacker to be able to influence the content of a page being crawled, for instance by placing a malicious link on a public-facing page, forum, or other user-generated content. No authentication is required of the attacker, but exploitation depends on the crawler actually processing the attacker-controlled link. The access required is remote, since the attacker injects links that the remote crawler then processes. The primary risk factor is deployment of RecursiveUrlLoader on infrastructure with access to cloud metadata endpoints or internal services, which is common in cloud-hosted environments.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2026-26019?
Available Upgrade Options
- @langchain/community
- <1.1.14 → Upgrade to 1.1.14
Additional Resources
- https://github.com/langchain-ai/langchainjs/pull/9990
- https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14
- https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7
- https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d
- https://osv.dev/vulnerability/GHSA-gf3v-fwqg-4vh7
- https://github.com/langchain-ai/langchainjs
What are Similar Vulnerabilities to CVE-2026-26019?
Similar Vulnerabilities: CVE-2026-25765, CVE-2026-26013, CVE-2023-45802, CVE-2022-26134, CVE-2021-44228
