CVE-2023-36188
Published: 06 July 2023
Summary
CVE-2023-36188 is a critical-severity Injection (CWE-74) vulnerability in Langchain Langchain. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 6.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as NLP and Transformers.
Deeper analysis
CVE-2023-36188 is a remote code execution vulnerability in LangChain version 0.0.64 that stems from unsafe handling of the PALChain parameter, which is passed directly to Python's exec method. The flaw is tracked under CWE-74 and carries a CVSS 3.1 score of 9.8, reflecting network attackability without authentication or user interaction.
A remote attacker can supply a malicious PALChain value to trigger arbitrary code execution on the affected system, resulting in full confidentiality, integrity, and availability impact. The current and peak EPSS scores both stand at 0.1119 with no material increase after disclosure.
Public references point to a GitHub issue and an associated pull request that address the problem in the LangChain repository.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-0110
Vulnerability details
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
- CWE(s)
AI Security AnalysisAI
- AI Category
- NLP and Transformers
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: langchain
Related Threats
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.