Inefficient Regular Expression Complexity

Summary

LangChain contains a Regular Expression Denial-of-Service (ReDoS) vulnerability in the "MRKLOutputParser.parse()" method ("libs/langchain/langchain/agents/mrkl/output_parser.py"). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into "MRKLOutputParser.parse()") can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a Denial-of-Service condition.