LangChain Path Traversal and Insecure Configuration Loading
Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory.
What changed
Affected behaviors include file-search agent middleware, prompt/chain/agent configuration loaders, and path-prefix authorization checks.
Who it affects
Users who expose an agent with filesystem-search middleware over a directory and accept prompts or retrieved content influenced by untrusted sources; load prompt or chain/agent configuration from untrusted or shared sources; or rely on path-prefix restrictions to confine tool file access.
What to do today
Update to the latest patched version of LangChain. Confine filesystem-backed agent tools to a dedicated directory and prefer running them sandboxed/containerized. Validate path and identifier inputs where untrusted input enters. Do not enable dangerous loading for configuration whose origin you do not control.
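To illustrate why a path-prefix restriction can fail to confine file access, and what confinement to a dedicated directory looks like, here is an added example; it is not LangChain's code. The function names, the `workspace` and `workspace-secrets` directories, and the sample requests are all constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def naive_prefix_allowed(root: str, requested: str) -> bool:
    """Weak check: string-prefix comparison on the unresolved path."""
    return os.path.join(root, requested).startswith(root)


def confine(root: Path, requested: str) -> Path:
    """Resolve `requested` under `root`; raise if the result escapes `root`."""
    root = root.resolve(strict=True)
    if "\x00" in requested:
        raise PermissionError("NUL byte in path")
    # resolve() collapses ".." and follows symlinks before the comparison.
    candidate = (root / requested).resolve()
    try:
        # Component-wise containment, so "workspace-secrets" is not "workspace".
        candidate.relative_to(root)
    except ValueError:
        raise PermissionError(f"{requested!r} resolves outside {root}") from None
    return candidate


def demo() -> dict:
    """Build a constructed tree; return {label: (naive_allows, confine_allows)}."""
    base = Path(tempfile.mkdtemp()).resolve()
    root, sibling = base / "workspace", base / "workspace-secrets"
    root.mkdir()
    sibling.mkdir()
    (root / "notes.txt").write_text("ok")
    (sibling / "key.txt").write_text("constructed secret")
    (root / "link").symlink_to(sibling, target_is_directory=True)
    requests = {  # constructed sample inputs
        "inside": "notes.txt",
        "dotdot": "../workspace-secrets/key.txt",
        "sibling_prefix": str(sibling / "key.txt"),
        "symlink": "link/key.txt",
    }
    results = {}
    for label, req in requests.items():
        try:
            confine(root, req)
            confined = True
        except PermissionError:
            confined = False
        results[label] = (naive_prefix_allowed(str(root), req), confined)
    return results
```

The string-prefix check accepts all four requests, while the resolved, component-wise check accepts only the file that actually lives under the root.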