CVE-2026-0771 - Vulnerability Details

- Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

Description

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product.

The specific flaw exists within the handling of Python function components. Depending upon product configuration, an attacker may be able to introduce custom Python code into a workflow. An attacker can leverage this vulnerability to execute code in the context of the application. Was ZDI-CAN-27497.

Published: 2026-01-23

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in Langflow's handling of Python function components permits attackers to inject custom Python code, resulting in the execution of arbitrary code within the application’s context. This weakness aligns with CWE‑94, which covers incorrect handling of dynamic code execution. The impact is the loss of integrity and availability for the affected system, as malicious code can be run with the application’s privileges.

Affected Systems

Langflow version 1.4.2 is affected, according to the CPE identifier. No other versions are explicitly listed; users running this or earlier versions should verify vendor advisories for additional impacted releases.

Risk and Exploitability

The CVSS score for this vulnerability is 7.1, indicating a high severity level. The EPSS score of less than 1% implies a low current exploitation probability, and the vulnerability is not included in the CISA KEV catalog. The likely attack vector is remote, through the configuration of Python function components in a workflow, and exploitation is contingent on the product’s configuration settings. Based on the description, it is inferred that an attacker can inject code by creating or modifying a workflow that contains a Python function component.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Langflow

unknown

Version	Status	Constraints
`1.4.2`	affected	—

Configuration 1 [-]

cpe:2.3:a:langflow:langflow:1.4.2:-:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Langflow	Langflow	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Langflow to a version that contains the fix for the Python function component flaw.
Reconfigure the application to disable or restrict custom Python code entry in workflows, mitigating the injection avenue.
Monitor application logs for abnormal execution of Python code to detect potential exploitation attempts.

Generated by OpenCVE AI on April 18, 2026 at 03:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00144.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.zerodayinitiative.com/advisories/ZDI-26-037/

History

Wed, 18 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:langflow:langflow:1.4.2:-::::::

Fri, 23 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 23 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Langflow Langflow langflow
Vendors & Products		Langflow Langflow langflow

Fri, 23 Jan 2026 04:00:00 +0000

Type	Values Removed	Values Added
Description		Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exists within the handling of Python function components. Depending upon product configuration, an attacker may be able to introduce custom Python code into a workflow. An attacker can leverage this vulnerability to execute code in the context of the application. Was ZDI-CAN-27497.
Title		Langflow PythonFunction Code Injection Remote Code Execution Vulnerability
Weaknesses		CWE-94
References		https://www.zerodayinitiative.com/advisories/ZDI-26-037/
Metrics		cvssV3_0 `{'score': 7.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

Subscriptions

Langflow Langflow

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2026-01-23T03:28:56.528Z

Updated: 2026-02-26T14:44:26.158Z

Reserved: 2026-01-08T22:50:28.413Z

Link: CVE-2026-0771

Vulnrichment

Updated: 2026-01-23T16:30:35.851Z

NVD

Status : Analyzed

Published: 2026-01-23T04:16:04.200

Modified: 2026-02-18T19:05:10.770

Link: CVE-2026-0771

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:30:25Z

Weaknesses

CWE-94

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object