CVE-2024-58340

High ⚡ Exploit Available
CWE-1333 — Weakness Type
Published: Jan 12, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3: 7.5
📄 Description (English)

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.

🤖 AI Executive Summary

CVE-2024-58340 is a Regular Expression Denial-of-Service (ReDoS) vulnerability in LangChain versions up to 0.3.1 affecting the MRKLOutputParser.parse() method. An attacker can exploit this through prompt injection to cause excessive CPU consumption and service disruption. This vulnerability is particularly critical for Saudi organizations deploying LLM-based applications in production environments, as it enables denial-of-service attacks with minimal technical barriers.


🤖 AI Intelligence Analysis Analyzed: May 1, 2026 21:55
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi financial institutions (SAMA-regulated banks) using LangChain for AI-powered customer service and fraud detection systems. Government agencies (NCA oversight) deploying LLM applications for citizen services face service availability risks. Healthcare organizations using AI chatbots for patient interaction are vulnerable. Telecom providers (STC, Mobily) leveraging LLMs for customer support could experience widespread service disruptions. Energy sector applications (ARAMCO, SEC) using AI for operational support are at risk. The vulnerability is particularly dangerous in multi-tenant environments where untrusted user input reaches the parser.
🏢 Affected Saudi Sectors
Banking and Financial Services · Government and Public Administration · Healthcare · Energy and Utilities · Telecommunications · E-commerce and Retail · Insurance
⚖️ Saudi Risk Score (AI)
7.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all applications using LangChain versions ≤0.3.1 in your environment
2. Assess exposure: determine if user-controlled input can reach MRKLOutputParser.parse()
3. Implement input validation and sanitization before parser invocation

PATCHING GUIDANCE:
1. Upgrade LangChain to version 0.3.2 or later immediately
2. Test upgraded versions in staging environment before production deployment
3. Verify no breaking changes in your LLM agent implementations

COMPENSATING CONTROLS (if immediate patching not possible):
1. Implement request timeout mechanisms (set aggressive timeouts on parser operations)
2. Deploy rate limiting on LLM output processing endpoints
3. Add CPU/memory monitoring with automatic circuit breakers for parser operations
4. Implement prompt injection detection and filtering before LLM output reaches parser
5. Use Web Application Firewall (WAF) rules to detect ReDoS patterns in requests

DETECTION RULES:
1. Monitor for parser execution times exceeding 5 seconds
2. Alert on CPU spikes coinciding with LangChain parser operations
3. Log and analyze MRKLOutputParser.parse() inputs for suspicious regex patterns
4. Implement SIEM rules detecting repeated failed parsing attempts
5. Monitor for patterns such as excessive backslashes or nested quantifiers in tool action outputs
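As an added example (not code from LangChain or from this page), the Python below implements the compensating control and detection rule that in-process tooling gets wrong most often: a hard wall-clock budget on the parser and a structured timing record for alerting. The regex, the stand-in parser, the 0.5 s budget and the 4096-byte length cap are constructed assumptions, not the vulnerable LangChain expression or the page's 5-second threshold.

```python
import multiprocessing as mp
import re
import time
from typing import Any, Callable, Dict

# Constructed stand-in of the CWE-1333 class (a quantified group whose body can
# split the same text many ways). It is NOT the MRKLOutputParser expression.
_BACKTRACKING_RE = re.compile(r"^(\w+\s?)+$")


def naive_parse(text: str) -> str:
    """Hypothetical regex-based output parser standing in for MRKLOutputParser.parse()."""
    return "action" if _BACKTRACKING_RE.match(text) else "no-action"


def _worker(parse: Callable[[str], str], text: str, conn) -> None:
    conn.send(parse(text))
    conn.close()


def guarded_parse(text: str, parse: Callable[[str], str] = naive_parse,
                  budget_s: float = 0.5, max_len: int = 4096) -> Dict[str, Any]:
    """Run `parse` under a hard wall-clock budget and return a detection record.

    A thread- or signal-based timeout cannot stop a regex match in progress: the
    match is a single C call that Python only interrupts when it returns. Running
    the parser in a child process lets us kill it once the budget is exhausted.
    """
    if len(text) > max_len:  # cheap pre-check: cap the input the regex ever sees
        return {"status": "rejected", "elapsed_s": 0.0, "alert": True}
    # Prefer fork so `parse` need not be re-imported by the child.
    ctx = mp.get_context("fork" if "fork" in mp.get_all_start_methods() else None)
    parent_end, child_end = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_worker, args=(parse, text, child_end))
    start = time.monotonic()
    proc.start()
    child_end.close()
    proc.join(budget_s)
    elapsed = time.monotonic() - start
    if proc.is_alive():  # budget exhausted: the child is still burning CPU
        proc.kill()
        proc.join()
        return {"status": "timeout", "elapsed_s": elapsed, "alert": True}
    if proc.exitcode != 0 or not parent_end.poll():
        return {"status": "error", "elapsed_s": elapsed, "alert": True}
    # Normal completion: still record elapsed time so a SIEM can trend it
    # against whatever threshold the operator chooses (the page suggests 5 s).
    return {"status": "ok", "result": parent_end.recv(),
            "elapsed_s": elapsed, "alert": False}
```

The `alert` field is what a SIEM rule would key on; the `timeout` status is the page's "repeated failed parsing attempts" signal, and an input that times out under a budget this small is a strong indicator of a backtracking payload rather than a legitimately large model response.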
🔧 Remediation Steps (Arabic, translated)
IMMEDIATE ACTIONS:
1. Identify all applications using LangChain versions ≤0.3.1 in your environment
2. Assess exposure: determine whether user-controlled input can reach MRKLOutputParser.parse()
3. Apply input validation and sanitization before invoking the parser

PATCHING GUIDANCE:
1. Upgrade LangChain to version 0.3.2 or later immediately
2. Test the upgraded versions in a staging environment before deploying to production
3. Verify there are no breaking changes in your LLM agent applications

COMPENSATING CONTROLS (if immediate patching is not possible):
1. Apply timeout mechanisms to parser operations
2. Deploy rate limiting on LLM output processing endpoints
3. Add CPU/memory monitoring with automatic circuit breakers for parser operations
4. Apply prompt injection detection and filtering before LLM output reaches the parser
5. Use web application firewall rules to detect ReDoS patterns

DETECTION RULES:
1. Monitor parser execution times exceeding 5 seconds
2. Alert on CPU spikes coinciding with LangChain parser operations
3. Log and analyze MRKLOutputParser.parse() inputs for suspicious regex patterns
4. Apply SIEM rules to detect repeated failed parsing attempts
5. Monitor for patterns such as excessive backslashes and nested quantifiers in tool outputs
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- ECC 2024 A.12.6.1 - Management of technical vulnerabilities
- ECC 2024 A.12.2.1 - Change management procedures
- ECC 2024 A.5.2.1 - Information security policies and procedures
- ECC 2024 A.12.1.2 - Monitoring and testing of information systems
🔵 SAMA CSF
- SAMA CSF ID.BE-1 - Business Environment
- SAMA CSF PR.IP-12 - Information and Output Media Protection
- SAMA CSF DE.CM-1 - Detection and Analysis
- SAMA CSF RS.MI-1 - Incident Mitigation
🟡 ISO 27001:2022
- ISO 27001:2022 A.12.2.1 - Change management
- ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
- ISO 27001:2022 A.14.2.1 - Secure development policy
- ISO 27001:2022 A.8.1.3 - Segregation of duties
🟣 PCI DSS v4.0.1
- PCI DSS 6.2 - Security patches and updates
- PCI DSS 11.2 - Vulnerability scanning
- PCI DSS 6.5.1 - Injection flaws
📦 Affected Products / CPE (1 entry)
langchain:langchain
📊 CVSS Score
7.5 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: N (None)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: N (None)
Integrity: N (None)
Availability: H (High)
📋 Quick Facts
Severity: High
CVSS Score: 7.5
CWE: CWE-1333
EPSS: 0.08%
Exploit: ✓ Yes
Patch: ✓ Yes
Published: 2026-01-12
Source Feed: nvd
🇸🇦 Saudi Risk Score
7.8 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
exploit-available CWE-1333