Impact
The CodeParser.parse_callable_details function in langflow’s Full Builtins Module has a flaw that allows an attacker to craft input that is passed directly to the operating system shell. This permits execution of arbitrary commands on the host running langflow, effectively giving the attacker control of the system. The vulnerability is a classic command‑injection weakness that can be triggered remotely via an exposed API endpoint.
Affected Systems
langflow‑ai’s langflow package versions 1.8.4 and older are affected. Any deployment that has the Full Builtins Module enabled and is reachable over the network is at risk unless the software is upgraded or the module disabled.
Risk and Exploitability
The base score of 5.3 indicates moderate severity, while the EPSS score of 2% shows that exploitation is currently unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog. Attackers can execute the flaw by sending malformed parameters to the endpoint that calls CodeParser.parse_callable_details, which the product processes without proper sanitization.
OpenCVE Enrichment