
chore(deps): update dependency langchain-text-splitters to v1.1.2 [security]#2598

Open
renovate[bot] wants to merge 1 commit into main from renovate/pypi-langchain-text-splitters-vulnerability

Conversation


renovate[bot] commented Apr 21, 2026

This PR contains the following updates:

Package: langchain-text-splitters (changelog)
Change: 1.1.1 -> 1.1.2
Age / Adoption / Passing / Confidence: Renovate merge-confidence badges

LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

CVE-2026-41481 / GHSA-fv5p-p927-qmxr

Summary

HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using validate_safe_url() but then performed the fetch with requests.get() with redirects enabled (the default). Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to internal, localhost, or cloud metadata endpoints, bypassing SSRF protections.

The response body is parsed and returned as Document objects to the calling application code. Whether this constitutes a data exfiltration path depends on the application: if it exposes Document contents (or derivatives) back to the requester who supplied the URL, sensitive data from internal endpoints could be leaked. Applications that store or process Documents internally without returning raw content to the requester are not directly exposed to data exfiltration through this issue.

Affected versions
  • langchain-text-splitters < 1.1.2
Patched versions
  • langchain-text-splitters >= 1.1.2 (requires langchain-core >= 1.2.31)
Affected code

File: libs/text-splitters/langchain_text_splitters/html.py, function split_text_from_url()

The vulnerable pattern validated the URL once then fetched with redirects enabled:

validate_safe_url(url, allow_private=False, allow_http=True)
response = requests.get(url, timeout=timeout, **kwargs)
Attack scenario
  1. A developer passes external URLs to split_text_from_url(), relying on its
    built-in validate_safe_url() check to block requests to internal networks.
  2. An attacker supplies a URL pointing to a public host they control. The URL
    passes validate_safe_url() (public hostname, public IP).
  3. The attacker's server responds with a 302 redirect to an internal endpoint
    (e.g., an unauthenticated internal admin API, or a cloud instance metadata
    service that does not require request headers — such as AWS IMDSv1).
  4. requests.get() follows the redirect automatically. The redirect target is
    not revalidated.
  5. The response body is parsed and returned as Document objects to the
    application.

Notes:

  • The core issue is a bypass of an explicitly provided SSRF protection.
    split_text_from_url() included validate_safe_url() specifically to be
    safe with untrusted URLs — the redirect loophole defeated that guarantee.
  • Cloud metadata endpoints that require special headers (AWS IMDSv2, GCP, Azure)
    are not reachable through this bug because the attacker does not control
    request headers. AWS IMDSv1, which requires no headers, is reachable.
  • Data exfiltration requires the application to return Document contents to the
    party that supplied the URL. The SSRF itself — forcing the server to issue a
    request to an internal endpoint — does not require this.
Fix

The fix replaces requests.get() with an SSRF-safe httpx transport (SSRFSafeSyncTransport from langchain-core) that validates DNS results and pins connections to validated IPs on every request, including redirect targets, eliminating redirect-based bypasses.

Additionally, split_text_from_url() has been deprecated. Users should fetch HTML content themselves and pass it to split_text() directly.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


This PR was generated by Mend Renovate. View the repository job log.
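The advisory above describes the defect as "validate once, then let the HTTP client follow redirects on its own" and the fix as validating every hop. The following added example (not LangChain or langchain-core code, and not the SSRFSafeSyncTransport the fix uses) puts the two shapes side by side so the difference can be tested offline. Everything in it is constructed: `validate_safe_url` here is a simplified stand-in for the library's function that only checks scheme and that the hostname resolves to public addresses; `Resolver` and `HttpGet` are injected callables so a fake DNS table and a fake server replace the network; the hostnames `attacker.example` / `intranet.example` and the addresses `93.184.216.34` / `10.0.0.5` are sample values.

```python
"""Per-hop SSRF revalidation, added example (not LangChain code)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


class UnsafeURLError(ValueError):
    """Raised when a URL, or a redirect target, points at a non-public address."""


@dataclass
class Response:
    status: int
    body: str = ""
    headers: Dict[str, str] = field(default_factory=dict)


Resolver = Callable[[str], List[str]]   # hostname -> IP strings (assumed interface)
HttpGet = Callable[[str], Response]     # one request, never follows redirects itself


def is_public_ip(ip: str) -> bool:
    """Reject loopback, private, link-local (cloud metadata lives here), etc."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_safe_url(url: str, resolve: Resolver) -> None:
    """Simplified stand-in for the library's check: http(s) only, public IPs only."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise UnsafeURLError(f"unsupported or hostless URL: {url}")
    ips = resolve(parts.hostname)
    if not ips:
        raise UnsafeURLError(f"could not resolve {parts.hostname}")
    for ip in ips:
        if not is_public_ip(ip):
            raise UnsafeURLError(f"{url} resolves to non-public address {ip}")


def fetch_validate_once(url: str, resolve: Resolver, http_get: HttpGet,
                        max_redirects: int = 5) -> Response:
    """The pre-1.1.2 shape: validate the first URL, then follow redirects blindly."""
    validate_safe_url(url, resolve)
    resp = http_get(url)
    for _ in range(max_redirects):
        if resp.status not in REDIRECT_STATUSES:
            break
        url = urljoin(url, resp.headers["Location"])
        resp = http_get(url)            # redirect target is never checked
    return resp


def fetch_validate_each_hop(url: str, resolve: Resolver, http_get: HttpGet,
                            max_redirects: int = 5) -> Response:
    """Hardened shape: every hop, including each redirect target, is validated."""
    for _ in range(max_redirects + 1):
        validate_safe_url(url, resolve)
        resp = http_get(url)
        if resp.status not in REDIRECT_STATUSES:
            return resp
        url = urljoin(url, resp.headers["Location"])
    raise UnsafeURLError("too many redirects")


def demo() -> Tuple[str, Optional[str]]:
    """Constructed scenario: a public host answers 302 to an internal address."""
    dns = {"attacker.example": ["93.184.216.34"],      # sample public address
           "intranet.example": ["10.0.0.5"]}            # sample private address
    pages = {
        "http://attacker.example/page":
            Response(302, headers={"Location": "http://intranet.example/admin"}),
        "http://intranet.example/admin": Response(200, "<h1>internal admin</h1>"),
    }
    resolve: Resolver = lambda host: dns.get(host, [])
    http_get: HttpGet = lambda u: pages.get(u, Response(404))

    leaked = fetch_validate_once("http://attacker.example/page", resolve, http_get).body
    try:
        fetch_validate_each_hop("http://attacker.example/page", resolve, http_get)
        blocked = None
    except UnsafeURLError as exc:
        blocked = str(exc)
    return leaked, blocked


if __name__ == "__main__":
    body, reason = demo()
    print("validate-once returned:", body)
    print("validate-each-hop refused:", reason)
```

With the real `requests` library the equivalent of `HttpGet` is `requests.get(url, allow_redirects=False)`, with the loop above doing the following. Note what this example does not do: it re-resolves the hostname on each hop but still lets the HTTP client resolve again when it connects, so a DNS answer that changes between the check and the connection is not covered. The advisory's actual fix goes further by pinning the connection to the IP that passed validation, which is why the upgrade (or fetching the HTML yourself and calling `split_text()`, as the advisory recommends) is the right remediation rather than copying this loop.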
