VU#949137: Langchaingo support... Note

VU#949137: Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read

LangChainGo, a Go implementation of the LLM framework LangChain, has a critical arbitrary file read vulnerability. This vulnerability, identified as CVE-2025-9556, stems from its use of the Gonja template engine, which supports Jinja2 syntax. Attackers can exploit this by injecting malicious content into prompts, triggering server-side template injection. The Gonja engine's ability to include external files via directives like {% include %} allows attackers to read sensitive files. This could expose data such as /etc/password, compromising system confidentiality. In chatbot applications built with LangChainGo, attackers only need prompt access to exploit this flaw. The vulnerability allows unauthorized access to sensitive information stored on the victim's server. This exposure can facilitate further system compromise. Fortunately, the LangChainGo maintainer has released an update addressing this issue. The new version includes a secure RenderTemplateFS function that blocks filesystem access by default. Users are strongly advised to update to the latest version to mitigate this security risk.