Description
A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-03
Score: 5.3 Medium
EPSS: 1.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CodeParser.parse_callable_details function in langflow’s Full Builtins Module has a flaw that allows an attacker to craft input that is passed directly to the operating system shell. This permits execution of arbitrary commands on the host running langflow, effectively giving the attacker control of the system. The vulnerability is a classic command‑injection weakness that can be triggered remotely via an exposed API endpoint.

Affected Systems

langflow‑ai’s langflow package versions 1.8.4 and older are affected. Any deployment that has the Full Builtins Module enabled and is reachable over the network is at risk unless the software is upgraded or the module disabled.

Risk and Exploitability

The base score of 5.3 indicates moderate severity, while the EPSS score of 2% shows that exploitation is currently unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog. Attackers can execute the flaw by sending malformed parameters to the endpoint that calls CodeParser.parse_callable_details, which the product processes without proper sanitization.

Generated by OpenCVE AI on June 18, 2026 at 14:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade langflow to a version newer than 1.8.4 once a vendor patch has been released.
  • If upgrading is not feasible, disable the Full Builtins Module or restrict external access to its API endpoint.
  • Validate or sanitize all user‑supplied input before it is forwarded to CodeParser.parse_callable_details; consider running the application with the least privilege necessary.

Generated by OpenCVE AI on June 18, 2026 at 14:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 03 May 2026 09:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection
First Time appeared Langflow
Langflow langflow
Weaknesses CWE-74
CWE-77
CPEs cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
Vendors & Products Langflow
Langflow langflow
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Langflow Langflow
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-05T00:40:09.897Z

Reserved: 2026-05-02T16:06:38.906Z

Link: CVE-2026-7687

cve-icon Vulnrichment

Updated: 2026-05-05T00:40:04.940Z

cve-icon NVD

Status : Deferred

Published: 2026-05-03T09:16:03.680

Modified: 2026-06-17T11:02:47.927

Link: CVE-2026-7687

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T14:30:15Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')