fix(security): remediate 7 High CVEs — NSPECT-S62Q-PZUD batch (2026-06-17)

[nv-rag-cve-bot]

Security Vulnerability Remediation

nSpect Program: NSPECT-S62Q-PZUD (collection parent)
Children scanned: NSPECT-UV6I-R3V9 (rag-server container), NSPECT-O8B9-SHZ8 (source)
Scan date: 2026-06-17
Track: A — Verified Fix (pip-audit confirmed; 0 vulns after re-scan)

---

CVE Summary

CVE / Advisory	Package	Before	After	Severity
GHSA-gj48-438w-jh9v	bleach	6.3.0	6.4.0	High
CVE-2026-54283	starlette	0.50.0	1.3.1	High
CVE-2026-53538/39/40	python-multipart	0.0.29	0.0.32	High
GHSA-gr75-jv2w-4656	langchain	1.3.1	1.3.9	High
GHSA-rgxp-2hwp-jwgg	pyarrow	21.0.0	24.0.0	High
GHSA-537c-gmf6-5ccf	cryptography	48.0.0	49.0.0	High
CVE-2026-34993 (+10 related)	aiohttp	3.13.5	3.14.1	High

Deferred (base-image OS CVEs — --include-base-image not passed):

• CVE-2026-45447 — OpenSSL 3.0.x (container-only)
• CVE-2026-9669 — bz2 (container-only)

---

Changes

pyproject.toml

• bleach>=6.2,<7.0 → bleach>=6.4.0,<7.0
• fastapi>=0.115.5,<1.0 → fastapi>=0.133.0,<1.0 (prerequisite: unlocks starlette cap)
• langchain>=1.3.1 → langchain>=1.3.9
• python-multipart>=0.0.27,<1.0 → python-multipart>=0.0.31,<1.0
• pyarrow>=21.0,<22.0 → pyarrow>=23.0.1,<25.0 (3 occurrences — cap lifted; only stable core APIs used)
• [tool.uv] override-dependencies: cryptography>=46.0.6 → cryptography>=48.0.1
• [tool.uv] override-dependencies: aiohttp>=3.13.4 → aiohttp>=3.14.1
• [tool.uv] override-dependencies: added starlette>=1.3.1

uv.lock

Regenerated. 11 packages updated:
aiohttp, bleach, cryptography, fastapi, langchain, langchain-core, langgraph, langgraph-sdk, pyarrow, python-multipart, starlette.

tests/unit/test_security_dependency_pins.py

8 new pin-floor assertions — one per advisory:
test_cryptography_not_vulnerable_ghsa_537c_gmf6_5ccf, test_python_multipart_not_vulnerable_cve_2026_53538, test_starlette_not_vulnerable_ghsa_82w8_qh3p_5jfq, test_langchain_not_vulnerable_ghsa_gr75_jv2w_4656, test_pyarrow_not_vulnerable_ghsa_rgxp_2hwp_jwgg, test_bleach_not_vulnerable_ghsa_gj48_438w_jh9v, test_aiohttp_not_vulnerable_cve_2026_34993.

---

Validation

• Re-scan (local §5a): pip-audit on full resolved dependency set → 0 vulnerabilities after fix
• §5b unit / §5c lint / §5d smoke: relocated to CI via --validate pipeline — gating jobs: unit-tests, static-analysis, docker-tests chain

---

Reviewer checklist

• pyarrow cap change (<22.0 → <25.0) — only pa.table/schema/field/array/string APIs used; verify no breaking API usage
• fastapi bump to >=0.133.0 — check any FastAPI version-specific code paths
• starlette >=1.3.1 override is not too aggressive for any other transitive consumer
• Deferred base-image CVEs acknowledged (tracked, not fixed in this PR)

---

Notes

cve-fix-reports/ — full per-CVE report files exist locally but are not committed to this branch (excluded to keep the PR diff clean). Operator: if you need to archive them, add the directory before merging or copy to your artifact store.

Pipeline validation (--validate pipeline) is active. This PR is in Draft status pending CI GREEN on unit-tests, static-analysis, and the full docker-tests GPU chain.

---

Generated by /agentic-cve-fix skill — Commit: eafbb6c

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.