Hi Team,
The LangChain been reported as a high vulnerability on NVD database(CVE-2025-46059) and in blackduck as well(BDSA-2025-7752). Since this is a high severity can you please please look into this issue and if possible provide us a tentative date on the new releases.
Issue description:
LangChain is vulnerable to indirect prompt injection due to insufficient input validation in the GmailToolkit component. This could allow an attacker to manipulate an email agent by embedding malicious instructions in email content, potentially leading to unauthorized actions such as forwarding the victim’s emails or sending emails on their behalf.