langchain-core, a widely used agentic AI framework and application dependency, is affected by the critical LangGrinch vulnerability, tracked as CVE-2025-68664, which could be leveraged to facilitate secret exfiltration and remote code execution, according to SiliconANGLE.
Exploiting the flaw by injecting prompts that cause outputs containing LangChain's internal marker key could lead to the theft of all environment variables, compromising not only cloud provider credentials and database and RAG connection strings but also large language model API keys and vector database secrets, a report from Cyata Security revealed.
"What makes this finding interesting is that the vulnerability lives in the serialization path, not the deserialization path. In agent frameworks, structured data produced downstream of a prompt is often persisted, streamed, and reconstructed later. That creates a surprisingly large attack surface reachable from a single prompt," said Cyata security researcher Yarden Porat.
Fixes for the vulnerability have already been issued after LangChain maintainers were notified.

AI agent secret compromise possible with critical langchain-core vulnerability