Medium4.2Vendor: LowRed Hat Linux Updated
Code Execution via crafted expressions in toJSFunction API
CVE-2026-12866 Published Jun 23, 2026Updated by vendor Jun 23, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Code Execution via crafted expressions in toJSFunction() API. Red Hat rates this low (CVSS 4.2). Weakness: CWE-917.
Mitigation checklist
Recommended fix / mitigation
- LangChainJS already replaced expr-eval with math-expression-evaluator in a later @langchain/community release (fix for CVE-2025-12735). Bootc owners should bump @langchain/community to a version that no longer bundles expr-eval, which removes the dead dependency entirely.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.