Description
A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-21
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

langflow up to version 1.9.3 contains an issue in the Bundle URL Loader component where an attacker can craft a payload that is executed as code when the component is loaded. This flaw is a form of injection that can lead to arbitrary code execution on the host machine. The vulnerability stems from the way the component processes URLs, which allows a local attacker to trigger the execution path that interprets and runs the injected code.

Affected Systems

The affected product is the langflow framework from langflow-ai, specifically any installations running version 1.9.3 or earlier. Users running a more recent release are not impacted, and no other vendors or versions are listed as affected.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate severity, reflecting that the flaw requires local access and does not provide network-based exploitation vectors. EPSS data is not available, so the likelihood of widespread immediate exploitation cannot be quantified, and the vulnerability is not present in the CISA KEV catalog. Because the attack is local, a threat actor would need physical or compromised account access to the system hosting langflow. In the absence of an official patch, the risk remains contingent on the exposure of the vulnerable component and the security controls around the deployment environment.

Generated by OpenCVE AI on June 22, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • If an update to langflow beyond 1.9.3 is available, apply it promptly.
  • If no official fix exists, disable the Bundle URL Loader component or restrict its use to trusted inputs only.
  • Configure monitoring to alert on attempts to load external URLs through the component, enabling prompt detection of suspicious activity.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 00:00:00 +0000

Changes (no values removed; values added):

  • Description: A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in any way.
  • Title: langflow-ai langflow Bundle URL Loader code injection
  • First Time appeared: Langflow; Langflow langflow
  • Weaknesses: CWE-74, CWE-94
  • CPEs: cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
  • Vendors & Products: Langflow; Langflow langflow
  • References: (none)
  • Metrics:
      cvssV2_0: {'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-21T23:30:09.211Z

Reserved: 2026-06-21T13:14:48.566Z

Link: CVE-2026-12822

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T01:30:06Z

Weaknesses
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • CWE-94: Improper Control of Generation of Code ('Code Injection')