Cyata discloses LangGrinch (CVE-2025-68664), a critical LangChain Core serialization injection bug where untrusted, LLM-influenced metadata can be rehydrated as objects, enabling secret leaks and unsafe instantiation. Patch guidance included.
Read in full here: