CVE-2026-25750: URL Parameter Injection Vulnerability in LangSmith Studio
Executive Summary
Section titled “Executive Summary”CVE-2026-25750 describes a critical URL parameter injection vulnerability within LangSmith Studio, affecting versions prior to 0.12.71. The vulnerability facilitates unauthorized access to user accounts via the exfiltration of sensitive authentication tokens. Successful exploitation permits an attacker to impersonate a victim and perform unauthorized actions within the affected workspace.
Technical Analysis
Section titled “Technical Analysis”The vulnerability exists in the handling of the baseUrl parameter within LangSmith Studio. Insufficient input validation allows for the injection of arbitrary URL parameters. When an authenticated user interacts with a specially crafted malicious link, the application inadvertently transmits the user’s bearer token, user ID, and workspace ID to an attacker-controlled server.
The impact is significant, as the stolen tokens enable full impersonation of the victim’s session. Although the tokens possess a limited lifespan of five minutes, repeated exploitation remains feasible through persistent social engineering tactics. Both LangSmith Cloud and self-hosted environments are susceptible to this threat.
Exploit Workflow
Section titled “Exploit Workflow”The exploit mechanism relies on client-side URL parameter injection, necessitated by social engineering techniques such as phishing. Upon clicking a malicious link, the client’s session state is disclosed to an external, unauthorized entity. This capability provides a bridge for unauthorized access to sensitive LangSmith resources.
Mitigation and Remediation
Section titled “Mitigation and Remediation”Validation of user-defined allowed origins for the baseUrl parameter was implemented in version 0.12.71 to mitigate this vulnerability. All self-hosted customers are mandated to upgrade to version 0.12.71 or later. Furthermore, restricting network access from LangSmith self-hosted instances to unauthorized external networks serves as a recommended compensatory control.
Forensic Artifacts and Detection
Section titled “Forensic Artifacts and Detection”Monitoring for unusual network activity is essential for the identification of potential exploitation attempts. Indicators of compromise (IOCs) include unexpected external redirects and unauthorized outbound traffic originating from LangSmith Studio instances.
title: Suspicious Outbound Redirect from LangSmith Studiostatus: experimentaldescription: Detects outbound network traffic or redirects from LangSmith Studio to non-whitelisted external domains, possibly indicating token exfiltration via baseUrl parameter injection.logsource: category: network_connection product: firewalldetection: selection: DestinationDomain|notin: ['trusted-langchain-domain.com'] SourceApplication: 'LangSmith-Studio' condition: selectionlevel: high