CVE-2026-27966

Published: Feb 26, 2026Modified: Feb 28, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: security-advisories@github.com (Secondary)

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.

Affected (1)

Products: Langflow: Langflow

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Langflow Langflow	Before 1.8.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://github.com/langflow-ai/langflow/commit/d8c6480daa17b2f2af0b5470cdf5c3d28dc9e508

Source: security-advisories@github.com

Patch

https://github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4

Source: security-advisories@github.com

ExploitVendor Advisory

Timeline

No history available yet.