Description
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the code parameter provided to the validate endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27322.
Published: 2026-01-23
Score: 9.8 Critical
EPSS: 1.9% Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw in Langflow’s validate endpoint allows an unauthenticated attacker to submit arbitrary Python code, which the server executes without validation. This code injection leads to remote code execution in the context of the running service and can result in execution as root. The vulnerability is a classic code injection weakness (CWE‑94).

Affected Systems

The affected product is Langflow version 1.4.2, as identified by the vendor.

Risk and Exploitability

The vulnerability has a CVSS score of 9.8 (Critical) and an EPSS score of 2 %, a low predicted probability of exploitation in the wild despite the critical severity. It is not currently listed in the CISA KEV catalog. Authentication is not required, and the attack vector is remote: network traffic to the validate endpoint. An attacker can achieve full system compromise, as the injected code runs under root privileges. The high severity score reflects the potential for extensive damage to the affected installation.

Generated by OpenCVE AI on April 18, 2026 at 15:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Langflow version that includes the fix for the validate endpoint code injection issue.
  • Expose the validate endpoint only to trusted hosts or networks, so that unauthenticated remote access is blocked.
  • Run Langflow as a non-root user and inside a container or chroot, so that a successful injection is confined to that sandbox and the blast radius is limited.


Advisories

No advisories yet.

History

Wed, 18 Feb 2026 16:45:00 +0000

Type: CPEs
Values Removed: (none listed)
Values Added: cpe:2.3:a:langflow:langflow:1.4.2:-:*:*:*:*:*:*

Fri, 23 Jan 2026 17:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none listed)
Values Added:

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 23 Jan 2026 16:45:00 +0000

Values Removed: (none listed)

Type: First Time appeared
Values Added: Langflow (vendor); Langflow langflow (product)

Type: Vendors & Products
Values Added: Langflow (vendor); Langflow langflow (product)

Fri, 23 Jan 2026 04:00:00 +0000

Values Removed: (none listed)

Type: Description
Values Added: Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code parameter provided to the validate endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27322.

Type: Title
Values Added: Langflow code Code Injection Remote Code Execution Vulnerability

Type: Weaknesses
Values Added: CWE-94

Type: References
Values Added: (none listed)

Type: Metrics (cvssV3_0)
Values Added:

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Langflow (vendor), Langflow (product)
MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-02-26T14:44:27.192Z

Reserved: 2026-01-08T22:50:14.237Z

Link: CVE-2026-0768

Vulnrichment

Updated: 2026-01-23T16:33:21.284Z

NVD

Status : Analyzed

Published: 2026-01-23T04:16:03.800

Modified: 2026-02-18T16:43:11.733

Link: CVE-2026-0768

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:30:03Z

Weaknesses