Cyber Resilience

CVE-2024-3571

HighPublic PoC

Published: 16 April 2024

Published
16 April 2024
Modified
29 July 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0192 83.7th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-3571 is a high-severity Path Traversal (CWE-22) vulnerability in Langchain Langchain. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 16.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: Adversarial AI Attack Implementations (AML.T0016.000), Hardware (AML.T0010.000), Infer Training Data Membership (AML.T0024.000).

EU & UK References

Vulnerability details

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading…

more

to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
LangChain is an open-source framework for developing applications powered by large language models (LLMs), including AI agents, chains, and integrations with various tools and models. The vulnerability is in its LocalFileStore functionality, which is part of its runtime components for handling files in AI agent workflows.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Path traversal vulnerability enables arbitrary file read/write on the filesystem, facilitating data collection from local system (T1005), file and directory discovery (T1083), and access to credentials in files (T1081).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0016.000: Adversarial AI Attack ImplementationsAML.T0010.000: HardwareAML.T0024.000: Infer Training Data MembershipAML.T0051.000: DirectAML.T0048.000: Financial Harm

Affected Assets

langchain
langchain
0.0.351

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References