RSS feed | 0xn3va's blog

March 16, 2026

Executing AI agent on behalf another user in LangSmith Agent Builder (Resolved)

This post examines the agent's underlying architecture and the chain of vulnerabilities that led to user impersonation during agent execution.

March 16, 2026

Chaining service key leakage and path confusion in LangSmith (Resolved)

This post describes the discovery and exploitation of a vulnerability that allowed unauthorised access across LangSmith agent deployments. In addition, it details research into path normalisation differences between Nginx and GCP Load Balancer.

January 12, 2026

Achieving remote code execution in LangSmith Playground using unsafe template formatting

This post details the discovery and exploitation of a vulnerability in LangSmith Playground that allowed arbitrary code execution through unsafe template formatting.

NextExecuting AI agent on behalf another user in LangSmith Agent Builder (Resolved)

Last updated 18 days ago

hashtagExecuting AI agent on behalf another user in LangSmith Agent Builder (Resolved)

hashtagChaining service key leakage and path confusion in LangSmith (Resolved)

hashtagAchieving remote code execution in LangSmith Playground using unsafe template formatting

Executing AI agent on behalf another user in LangSmith Agent Builder (Resolved)

Chaining service key leakage and path confusion in LangSmith (Resolved)

Achieving remote code execution in LangSmith Playground using unsafe template formatting