CVE-2026-25750 – LangSmith – Unauthorized Access and Data Exposure
“When observability tools leak data, every model interaction becomes a liability.”
LangSmith patched a high-severity vulnerability that could allow unauthorized access to sensitive data within its observability and logging platform. The issue stems from insufficient access controls, potentially exposing prompts, responses, and associated metadata to unintended users.
CVE-2026-25750 has a CVSS score of 8.5 (High severity). The vulnerability poses a significant risk to organizations relying on LangSmith for monitoring LLM applications, as it may lead to leakage of proprietary data, user inputs, or internal workflows.
The patch strengthens authentication and access control enforcement to ensure that only authorized users can access stored data. There is no confirmed real-world exploitation at this time.
Key Details
- Affected Product: Langchain Langsmith
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- CWE Classification: CWE-74