Impact
The langsmith-sdk for JavaScript/TypeScript contains an incomplete prototype‑pollution guard in its vendored lodash set() utility. The baseAssignValue() function only blocks the __proto__ key, but it does not prevent assignments to constructor.prototype. When attacker‑controlled data passes through the createAnonymizer() API, a key referencing constructor.prototype can modify Object.prototype, thereby affecting every object in the Node.js process. This flaw can alter application behavior, trigger logic errors, or enable the insertion of unintended properties.
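The gap described above, as an added example rather than the SDK's vendored lodash code: a simplified dotted-path setter whose guard is either `__proto__` alone or all three sensitive keys. The names `setPath`, `pollutes`, `WEAK_BLOCKLIST`, `STRICT_BLOCKLIST` and the `gr_marker` property are hypothetical.

```javascript
// Simplified model of a path-based set() helper (illustrative, not lodash itself).
const WEAK_BLOCKLIST = new Set(["__proto__"]);
const STRICT_BLOCKLIST = new Set(["__proto__", "constructor", "prototype"]);

// Assigns `value` at a dotted `path` inside `target`.
// Returns false and writes nothing if any path segment is in `blocked`.
function setPath(target, path, value, blocked) {
  const keys = path.split(".");
  if (keys.some((k) => blocked.has(k))) return false;

  let node = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const next = node[keys[i]];
    // Inherited members such as `constructor` are functions, so they are
    // traversed rather than replaced; this is what makes the walk unsafe.
    const traversable =
      next !== null && (typeof next === "object" || typeof next === "function");
    if (!traversable) node[keys[i]] = {};
    node = node[keys[i]];
  }
  node[keys[keys.length - 1]] = value;
  return true;
}

// Reports whether a write through `constructor.prototype` reached
// Object.prototype under the given blocklist, then removes the marker.
function pollutes(blocked) {
  const record = {}; // constructed stand-in for untrusted input being processed
  setPath(record, "constructor.prototype.gr_marker", true, blocked);
  const leaked = {}.gr_marker === true; // a fresh object sees the property
  delete Object.prototype.gr_marker;
  return leaked;
}

console.log("guard on __proto__ only:", pollutes(WEAK_BLOCKLIST));
console.log("guard on all three keys:", pollutes(STRICT_BLOCKLIST));
```

The same check works as a regression test around any path-setting helper: write through each sensitive path, then assert that a freshly created object has gained no property.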
Affected Systems
The vulnerability exists in the langchain‑ai:langsmith-sdk package for all releases prior to 0.5.18. Any Node.js application that imports an affected version and uses createAnonymizer() with data that may come from an external or untrusted source is affected. Versions 0.5.18 and newer incorporate the necessary fix.
Risk and Exploitability
The CVSS score of 5.6 indicates medium severity. Although no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, the risk remains significant. Exploitation requires control over data delivered to createAnonymizer(); this requirement is an inference based on the description. If an attacker can supply such data, they can alter Object.prototype and potentially manipulate application logic or data, so the impact may be far‑reaching within the affected process.