Submission checklist

• This is a bug, not a usage question.
• I added a clear and descriptive title that summarizes this issue.
• I used the GitHub search to find a similar question and didn't find it.
• I am sure that this is a bug in LangChain rather than my code.
• The bug is not resolved by updating to the latest stable version of LangChain.
• I posted a self-contained, minimal, reproducible example.

Package

langchain-core

Related Issues / PRs

Raised in a comment on #37296 by @Keshav123454. Fix ready in PR #37729.

Reproduction

from langchain_core.prompts import load_prompt

# reads and deserializes any reachable .yaml/.json — no error raised
result = load_prompt("../secret.yaml")

Expected behavior

ValueError when the path contains .. traversal components.

Actual behavior

load_prompt() calls _load_prompt_from_file() which converts the argument to Path(file) and opens it immediately, with no validation on the top-level path. The existing _validate_path() guard only protects paths embedded inside the loaded config (e.g. template_path, examples) — never the caller-supplied argument itself.

Any .yaml or .json file reachable via directory traversal can be read and deserialized.

Fix

Add ".." in file_path.parts check at the entry-point of _load_prompt_from_file, consistent with the guard style already used throughout langchain_core/prompts/loading.py. Absolute paths remain allowed (intentional caller paths). The existing allow_dangerous_paths=True escape hatch bypasses the check.

A complete fix with 2 unit tests is ready in PR #37729.

System Info

langchain-core latest, Python 3.11+