External risk intelligence

LangSmith SDK Prototype Pollution Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-40190

This vulnerability exists in a client-side SDK library used within Node.js applications to interact with an external platform. It is not a network-facing service, appliance, or gateway itself, but rather a development library dependency that processes data locally within the application's runtime.

Langchain Langsmith

before 0.5.18

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability in the LangSmith Client SDK for Node.js could allow an attacker to alter core JavaScript objects within the application's runtime environment, potentially impacting application behavior. While this vulnerability exists in a development library and not a direct network-facing service, its exploitable nature and critical severity warrant a review of its presence in your environment.

  • Code flaw lets attackers alter program objects.
  • Impacts application logic if exploited.
  • Confirm relevance and exposure in your environment.

Attack Path

How an attacker could exploit the issue

An attacker could leverage this flaw by sending specially crafted data to a Node.js application that uses the affected SDK. If the application processes this data through its `createAnonymizer()` function, the attacker could manipulate JavaScript objects within the application's runtime, potentially leading to broader system compromise.

  • Requires control over data processed by an API.
  • Triggered by prototype pollution via `constructor.prototype`.
  • Risk of widespread object corruption.

Live Threat

Current exploitation, exposure, and threat context

When supported by the advisory, an attacker could potentially affect all objects within a Node.js process by polluting the Object.prototype. This occurs when an attacker controls keys in data processed by the createAnonymizer() API, leading to unintended service behavior.

  • System objects and data could be at risk.
  • Attacker-controlled data processed by the API could cause pollution.
  • Service behavior could be altered, affecting all objects.

Operational Fix

Recommended remediation, mitigation, and detection steps

The LangSmith client SDK is a Node.js development library. Owners of applications that incorporate this SDK should first identify all Node.js processes utilizing the affected SDK and confirm if they handle untrusted input via the `createAnonymizer()` API. Subsequently, coordinate with the platform or application owners to plan remediation, prioritizing critical or exposed instances.

  • Application owners should take ownership.
  • Verify untrusted input via `createAnonymizer()`.
  • Plan remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the LangSmith JavaScript/TypeScript SDK?

The LangSmith SDK is a library for Node.js developers that simplifies communication between their applications and the LangSmith platform. It serves as a connector, allowing developers to instrument and monitor their AI workflows. Because it is a dependency integrated directly into application code, it runs within the application's own process to handle data tasks like anonymization.

How does CVE-2026-40190 cause prototype pollution?

This vulnerability is a form of Improper Control of Generation of Code, specifically CWE-1321 or prototype pollution. It occurs because an internal utility used by the SDK fails to properly sanitize input. By targeting the 'constructor.prototype' key, an attacker can inject properties into the base JavaScript Object. This effectively alters the behavior of all objects within the running Node.js process, potentially overriding intended logic.

What triggers the vulnerability in the LangSmith SDK?

The flaw is triggered specifically when an application passes attacker-controlled data into the 'createAnonymizer()' API. If that data contains malicious keys designed to traverse the object prototype, the SDK incorrectly processes them. It is important to note that simply having the SDK installed does not trigger the bug; the application must actively use this specific API to handle untrusted input.

Is my application at risk if it uses this SDK?

Risk depends on how your application uses the library. According to Halo Surface Signal, this is a client-side SDK dependency, not a network-facing service or gateway. While local processing risks exist, the vulnerability is not automatically exposed to the internet. You should focus on whether your Node.js application takes input from external users and passes that data directly into the 'createAnonymizer()' function.

What should I do to fix this LangSmith vulnerability?

The primary resolution is to update the LangSmith JavaScript/TypeScript SDK to version 0.5.18 or later, which contains the corrected logic for handling object assignments. Before updating, perform an audit of your Node.js environments to identify where the SDK is in use. Prioritize applications that process untrusted data through the affected anonymizer function, as these represent the highest potential for impact.

References