Vulnerability Details CVE-2026-41488
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.
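The check-then-fetch window described above, next to a resolve-once-and-pin form, as an added example that is not langchain-openai's code or its patch. `FlippingResolver`, `fake_connect`, the hostname and the addresses are constructed stand-ins so the block runs offline.

```python
import ipaddress
from itertools import cycle


class FlippingResolver:
    """Constructed stand-in for DNS: successive lookups return successive answers."""

    def __init__(self, answers):
        self._answers = cycle(answers)
        self.calls = 0

    def resolve(self, host):
        self.calls += 1
        return next(self._answers)


def is_public(ip):
    # Rejects loopback, RFC 1918, link-local and other non-global ranges.
    return ipaddress.ip_address(ip).is_global


def fake_connect(ip):
    """Stand-in for the HTTP fetch; returns the address actually dialled."""
    return ip


def fetch_validate_then_reresolve(host, resolver):
    # Pattern from the advisory: validation resolves the name, and the fetch
    # resolves it again independently, so the two answers can differ.
    if not is_public(resolver.resolve(host)):
        raise ValueError("blocked: non-public address")
    return fake_connect(resolver.resolve(host))


def fetch_pinned(host, resolver):
    # Resolve once, validate that address, then connect to that same address.
    ip = resolver.resolve(host)
    if not is_public(ip):
        raise ValueError("blocked: non-public address")
    return fake_connect(ip)


if __name__ == "__main__":
    answers = ["93.184.216.34", "127.0.0.1"]  # constructed: public, then loopback
    print(fetch_validate_then_reresolve("img.example", FlippingResolver(answers)))
    print(fetch_pinned("img.example", FlippingResolver(answers)))
```

With a real HTTP client, connecting to the pinned address still requires sending the original hostname in the Host header and TLS SNI, and redirects need the same treatment on each hop.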
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 3.1
Products affected by CVE-2026-41488
- cpe:2.3:a:langchain:langchain-openai:0.1.10
- cpe:2.3:a:langchain:langchain-openai:0.1.11
- cpe:2.3:a:langchain:langchain-openai:0.1.12
- cpe:2.3:a:langchain:langchain-openai:0.1.13
- cpe:2.3:a:langchain:langchain-openai:0.1.14
- cpe:2.3:a:langchain:langchain-openai:0.1.15
- cpe:2.3:a:langchain:langchain-openai:0.1.16
- cpe:2.3:a:langchain:langchain-openai:0.1.17
- cpe:2.3:a:langchain:langchain-openai:0.1.19
- cpe:2.3:a:langchain:langchain-openai:0.1.20
- cpe:2.3:a:langchain:langchain-openai:0.1.21
- cpe:2.3:a:langchain:langchain-openai:0.1.22
- cpe:2.3:a:langchain:langchain-openai:0.1.23
- cpe:2.3:a:langchain:langchain-openai:0.1.24
- cpe:2.3:a:langchain:langchain-openai:0.1.25
- cpe:2.3:a:langchain:langchain-openai:0.1.5
- cpe:2.3:a:langchain:langchain-openai:0.1.6
- cpe:2.3:a:langchain:langchain-openai:0.1.7
- cpe:2.3:a:langchain:langchain-openai:0.1.8
- cpe:2.3:a:langchain:langchain-openai:0.1.9
- cpe:2.3:a:langchain:langchain-openai:0.2.0
- cpe:2.3:a:langchain:langchain-openai:0.2.1
- cpe:2.3:a:langchain:langchain-openai:0.2.10
- cpe:2.3:a:langchain:langchain-openai:0.2.11
- cpe:2.3:a:langchain:langchain-openai:0.2.12
- cpe:2.3:a:langchain:langchain-openai:0.2.13
- cpe:2.3:a:langchain:langchain-openai:0.2.14
- cpe:2.3:a:langchain:langchain-openai:0.2.2
- cpe:2.3:a:langchain:langchain-openai:0.2.3
- cpe:2.3:a:langchain:langchain-openai:0.2.4
- cpe:2.3:a:langchain:langchain-openai:0.2.5
- cpe:2.3:a:langchain:langchain-openai:0.2.6
- cpe:2.3:a:langchain:langchain-openai:0.2.7
- cpe:2.3:a:langchain:langchain-openai:0.2.8
- cpe:2.3:a:langchain:langchain-openai:0.2.9
- cpe:2.3:a:langchain:langchain-openai:0.3.0
- cpe:2.3:a:langchain:langchain-openai:0.3.1
- cpe:2.3:a:langchain:langchain-openai:0.3.10
- cpe:2.3:a:langchain:langchain-openai:0.3.11
- cpe:2.3:a:langchain:langchain-openai:0.3.12
- cpe:2.3:a:langchain:langchain-openai:0.3.13
- cpe:2.3:a:langchain:langchain-openai:0.3.14
- cpe:2.3:a:langchain:langchain-openai:0.3.15
- cpe:2.3:a:langchain:langchain-openai:0.3.16
- cpe:2.3:a:langchain:langchain-openai:0.3.17
- cpe:2.3:a:langchain:langchain-openai:0.3.18
- cpe:2.3:a:langchain:langchain-openai:0.3.19
- cpe:2.3:a:langchain:langchain-openai:0.3.2
- cpe:2.3:a:langchain:langchain-openai:0.3.20
- cpe:2.3:a:langchain:langchain-openai:0.3.21
- cpe:2.3:a:langchain:langchain-openai:0.3.22
- cpe:2.3:a:langchain:langchain-openai:0.3.23
- cpe:2.3:a:langchain:langchain-openai:0.3.24
- cpe:2.3:a:langchain:langchain-openai:0.3.25
- cpe:2.3:a:langchain:langchain-openai:0.3.26
- cpe:2.3:a:langchain:langchain-openai:0.3.27
- cpe:2.3:a:langchain:langchain-openai:0.3.28
- cpe:2.3:a:langchain:langchain-openai:0.3.29
- cpe:2.3:a:langchain:langchain-openai:0.3.3
- cpe:2.3:a:langchain:langchain-openai:0.3.30
- cpe:2.3:a:langchain:langchain-openai:0.3.31
- cpe:2.3:a:langchain:langchain-openai:0.3.32
- cpe:2.3:a:langchain:langchain-openai:0.3.33
- cpe:2.3:a:langchain:langchain-openai:0.3.34
- cpe:2.3:a:langchain:langchain-openai:0.3.35
- cpe:2.3:a:langchain:langchain-openai:0.3.4
- cpe:2.3:a:langchain:langchain-openai:0.3.5
- cpe:2.3:a:langchain:langchain-openai:0.3.6
- cpe:2.3:a:langchain:langchain-openai:0.3.7
- cpe:2.3:a:langchain:langchain-openai:0.3.8
- cpe:2.3:a:langchain:langchain-openai:0.3.9
- cpe:2.3:a:langchain:langchain-openai:1.0.0
- cpe:2.3:a:langchain:langchain-openai:1.0.1
- cpe:2.3:a:langchain:langchain-openai:1.0.2
- cpe:2.3:a:langchain:langchain-openai:1.0.3
- cpe:2.3:a:langchain:langchain-openai:1.1.0
- cpe:2.3:a:langchain:langchain-openai:1.1.1
- cpe:2.3:a:langchain:langchain-openai:1.1.10
- cpe:2.3:a:langchain:langchain-openai:1.1.11
- cpe:2.3:a:langchain:langchain-openai:1.1.12
- cpe:2.3:a:langchain:langchain-openai:1.1.13
- cpe:2.3:a:langchain:langchain-openai:1.1.2
- cpe:2.3:a:langchain:langchain-openai:1.1.3
- cpe:2.3:a:langchain:langchain-openai:1.1.4
- cpe:2.3:a:langchain:langchain-openai:1.1.5
- cpe:2.3:a:langchain:langchain-openai:1.1.6
- cpe:2.3:a:langchain:langchain-openai:1.1.7
- cpe:2.3:a:langchain:langchain-openai:1.1.8
- cpe:2.3:a:langchain:langchain-openai:1.1.9