
CVE-2026-30617: Remote Code Execution in LangChain-ChatChat

LangChain-ChatChat 0.3.1 contains a critical remote code execution (RCE) vulnerability. The flaw allows unauthenticated remote attackers to configure an MCP STDIO server with attacker-controlled commands, which are subsequently executed by the application without sufficient validation. This vulnerability, identified as CVE-2026-30617, poses a severe risk to service availability and data integrity.

The vulnerability exists within the MCP STDIO server configuration and execution handling logic of LangChain-ChatChat. Specifically, user-supplied command and argument values are passed to StdioServerParameters without sanitization or an approved allowlist.

When a malicious MCP server configuration is applied and the MCP is enabled for agent execution, the application triggers execution of these commands as a subprocess under the privileges of the LangChain-ChatChat process.

  1. Access: The attacker accesses the publicly exposed MCP management interface of the target LangChain-ChatChat service.
  2. Configuration: The attacker adds a new MCP STDIO server configuration, injecting malicious commands and arguments into the JSON payload.
  3. Execution: Once the MCP server is initialized and agent activity commences, the application processes the malicious configuration, leading to command injection and execution on the underlying host.

Process Monitoring

Monitor for child processes of the LangChain-ChatChat service user that correlate with suspicious shell or scripting activity.

Configuration Audit

Regularly audit the MCP management interface and configuration files for unauthorized or unexpected STDIO server definitions.
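
One way to automate this audit is sketched below as an added example; it is not code from LangChain-ChatChat. The field names (`name`, `transport`, `command`, `args`), the allowlist contents and the sample export are assumptions constructed for illustration.

```python
import json
import os

# Assumed allowlist: launcher name -> MCP server packages it may start.
ALLOWED = {
    "npx": {"@modelcontextprotocol/server-filesystem"},
    "uvx": {"mcp-server-fetch"},
}
# Arguments that make a launcher or interpreter run inline code.
INLINE_EXEC_FLAGS = {"-c", "-e", "--eval", "--call"}

# Constructed sample export; field names are assumptions, not the project's schema.
SAMPLE = json.loads("""[
  {"name": "files", "transport": "stdio", "command": "npx",
   "args": ["-y", "@modelcontextprotocol/server-filesystem", "/srv/docs"]},
  {"name": "helper", "transport": "stdio", "command": "sh",
   "args": ["-c", "PLACEHOLDER"]},
  {"name": "remote", "transport": "sse", "url": "https://mcp.example.internal/sse"}
]""")

def audit_stdio_server(entry):
    """Return findings for one server definition; an empty list means it passed."""
    if entry.get("transport") != "stdio":
        return []  # only STDIO definitions spawn a local subprocess
    findings = []
    command = str(entry.get("command", ""))
    args = [str(a) for a in entry.get("args") or []]
    base = os.path.basename(command)
    if base != command:
        findings.append("command is a path, not a bare allowlisted name")
    if base not in ALLOWED:
        findings.append(f"command {base!r} is not on the allowlist")
    else:
        # First non-flag argument is taken to be the server package to launch.
        target = next((a for a in args if not a.startswith("-")), None)
        if target not in ALLOWED[base]:
            findings.append(f"{base} target {target!r} is not an approved server")
    if INLINE_EXEC_FLAGS.intersection(args):
        findings.append("inline-code flag present in args")
    return findings

def audit(config):
    """Map server name -> findings for every definition that fails the audit."""
    results = {e.get("name", "?"): audit_stdio_server(e) for e in config}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, "->", "; ".join(found))
```

The same check can run as a gate before any definition is handed to StdioServerParameters, so that a definition with findings is rejected rather than only reported.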

Upgrade LangChain-ChatChat to a patched version once available. In the interim, restrict access to the MCP management interface and ensure that the application is running with minimal necessary privileges.