This release includes 1 security fix for security teams reviewing exposed deployments.
Published 27d
AI Agents & Assistants
✓ No known CVEs patched
This release patches 1 known CVE
Topics
agents
ai
ai-agents
anthropic
chatgpt
deepagents
+11 more
enterprise
gemini
generative-ai
langchain
langgraph
llm
multiagent
openai
pydantic
python
typescript
Summary
AI summaryFixed CVE-2026-34070 path‑traversal vulnerability.
Full changelog
Changes since langchain-core==0.3.85
release(core): 0.3.86 (#37242)
fix(core): backport path-traversal fix to v0.3 (CVE-2026-34070, GHSA-qh6h-p6c9-ff54) (#37233)
Security Fixes
- CVE-2026-34070 — path‑traversal vulnerability (GHSA-qh6h-p6c9-ff54) fixed in backport
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Earlier breaking changes
- vlangchain-core==1.4.0 Deletes schema items marked for removal in schemas.py
- vlangchain-core==1.4.0 Deletes function_calling.py utils marked for removal
- vlangchain-core==1.4.0 Deletes get_relevant_documents function from API
- vlangchain-core==1.4.0 Deletes pydantic_v1 module entirely from codebase
- vlangchain-core==1.4.0 Deletes BaseMemory module, moved to langchain-classic
Beta — feedback welcome: [email protected]