A common denominator in AI agent framework CVEs: Validation
I've been researching LangChain/LlamaIndex vulnerabilities. The same pattern keeps appearing: validation checks the string, attacks exploit how the system interprets it.

| CVE | Issue |
|---|---|
| CVE-2024-3571 | Checked for `..` but didn't normalize. Path traversal. |
| CVE-2024-0243 | Validated the URL but not the redirect destination. SSRF. |
| CVE-2025-2828 | No IP restrictions on RequestsToolkit. |
| CVE-2025-3046 | Validated the path string, didn't resolve symlinks. |
| CVE-2025-61784 | Checked the URL format, didn't resolve the IP. SSRF. |

A regex for `..` fails when the path is `/data/foo%2f..%2f..%2fetc/passwd`. A blocklist for `127.0.0.1` fails when the URL is `http://2130706433/`.

The fix needs to ensure we are validating in the same semantic space as execution. More regex won't save us. Resolve the symlink before checking containment. Resolve DNS before checking the IP.

Full writeup with code examples: https://niyikiza.com/posts/map-territory/

submitted by /u/Impossible_Ant1595
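The following is an added example illustrating the "validate in the semantic space of execution" point; it is not code from the post or from the linked writeup. It shows both halves of the argument in one place: a path check that percent-decodes, normalizes and resolves symlinks before testing containment, and a URL check that turns the host into the IP addresses the client would actually connect to (including bare decimal or hex literals such as `2130706433`) before testing them against non-public ranges. The function names `safe_join` and `check_url_target`, the `resolver` hook used to stub DNS so the example runs offline, and all sample paths and URLs are assumptions made for the example.

```python
"""Added example: validate what the system will execute, not the raw string.

Two checks, both done on the resolved form rather than on the input text:
  safe_join        - path containment after decoding, normalization, symlinks
  check_url_target - SSRF guard after resolving the host to IP addresses
Function names and sample inputs are constructed for this example.
"""
import ipaddress
import os
import socket
from urllib.parse import unquote, urlsplit


def _fully_decode(s: str, rounds: int = 5) -> str:
    """Percent-decode until stable, so %252f (double-encoded '/') is also caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            return s
        s = decoded
    return s


def safe_join(base_dir: str, user_path: str):
    """Return the resolved absolute path if it stays inside base_dir, else None.

    Containment is tested on the path the OS will actually open: percent
    decoding, '..' normalization and symlink resolution all happen first.
    """
    base_real = os.path.realpath(base_dir)
    decoded = _fully_decode(user_path)
    if "\x00" in decoded:  # NUL would truncate the path in C-level open()
        return None
    # An absolute user path makes os.path.join drop base_dir; the containment
    # check below still rejects it, so no separate "starts with /" rule is needed.
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    try:
        inside = os.path.commonpath([base_real, candidate]) == base_real
    except ValueError:  # e.g. different drives on Windows
        return None
    return candidate if inside else None


def _literal_ip(host: str):
    """Parse the IP literal forms a URL client accepts, or return None.

    Covers dotted quads and IPv6 (ipaddress), bare 32-bit decimal and hex
    integers such as 2130706433 / 0x7f000001 (platform independent), and the
    remaining legacy forms inet_aton accepts (shorthand like 127.1, octal octets).
    """
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    if "_" not in host:  # int(..., 0) would accept Python digit separators
        try:
            n = int(host, 0)
            if 0 <= n <= 0xFFFFFFFF:
                return ipaddress.IPv4Address(n)
        except ValueError:
            pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except OSError:
        return None


def _default_resolver(host: str):
    """Resolve via the OS resolver and return every A/AAAA answer."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_url_target(url: str, resolver=_default_resolver):
    """Return (allowed, addresses).

    allowed is True only if the scheme is http(s) and every address the host
    maps to is public unicast. The caller should connect to one of the returned
    addresses (keeping the original Host header) instead of resolving again,
    which closes the DNS-rebinding window, and should re-run this check on
    every redirect hop with automatic redirects disabled.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, []
    literal = _literal_ip(parts.hostname)
    if literal is not None:
        addrs = [literal]
    else:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
        except (socket.gaierror, ValueError):
            return False, []
    if not addrs:
        return False, []
    as_text = [str(a) for a in addrs]
    for addr in addrs:
        # ::ffff:127.0.0.1 is loopback in an IPv6 coat; check the embedded IPv4
        target = addr.ipv4_mapped or addr if isinstance(addr, ipaddress.IPv6Address) else addr
        if not target.is_global:
            return False, as_text
    return True, as_text
```

`check_url_target("http://2130706433/")` rejects the decimal-literal bypass from the post because the host is converted to `127.0.0.1` before the range test; a hostname whose DNS answer lands in a private range is rejected the same way. `safe_join` rejects `docs%2f..%2f..%2fetc%2fpasswd` and a symlink inside the base that points outside it, because the containment test runs on `realpath()` output rather than on the submitted string.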