Cyber Resilience

CVE-2024-27444

Critical

Published: 26 February 2024

Published
26 February 2024
Modified
14 July 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 34.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-27444 is a critical-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in Langchain Langchain-Experimental. Its CVSS base score is 9.8 (Critical).

Operationally, ranked at the 34.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by…

more

pal_chain/base.py.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

langchain
langchain-experimental
≤ 0.1.8

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-749

Explicitly prohibiting dangerous or unnecessary functions and services prevents exposure of methods that could be directly exploited.

addresses: CWE-749

Minimal functionality removes or avoids exposure of dangerous methods and functions.

References