Lucene search
+L

Langflow < 1.9.0 RCE (GHSA-vwmf-pq79-vjvx)

🗓️ 26 Mar 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 8 Views

Langflow before 1.9.0 permits unauthenticated code execution via build flow with attacker data.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Command Injection in Paloaltonetworks Pan-Os
30 Mar 202613:39
githubexploit
GithubExploit
Exploit for Code Injection in Langflow
22 May 202622:01
githubexploit
GithubExploit
Exploit for Eval Injection in Langflow
16 Jul 202617:13
githubexploit
GithubExploit
Exploit for Code Injection in Langflow
13 Apr 202618:33
githubexploit
GithubExploit
Exploit for Code Injection in Langflow
20 Apr 202614:54
githubexploit
GithubExploit
Exploit for Eval Injection in Langflow
4 Jul 202621:54
githubexploit
GithubExploit
Exploit for Eval Injection in Langflow
2 Jul 202609:47
githubexploit
GithubExploit
Exploit for Eval Injection in Langflow
4 Jul 202611:27
githubexploit
GithubExploit
Exploit for CVE-2026-33017
21 Mar 202617:06
githubexploit
GithubExploit
Exploit for Eval Injection in Langflow
27 Mar 202607:15
githubexploit
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(303795);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/02");

  script_cve_id("CVE-2026-33017");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/04/08");

  script_name(english:"Langflow < 1.9.0 RCE (GHSA-vwmf-pq79-vjvx)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Langflow installed on the remote host is prior to 1.9.0. It is, therefore,
affected by a remote code execution vulnerability:

  - The POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows
    without requiring authentication. When the optional data parameter is supplied, the
    endpoint uses attacker-controlled flow data containing arbitrary Python code in node
    definitions instead of the stored flow data from the database. This code is passed to
    exec() with zero sandboxing, resulting in unauthenticated remote code execution.
    (CVE-2026-33017)

Note that Nessus has not tested for this issue but has instead relied only on the application's
self-reported version number.");
  # https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?44d0b003");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Langflow version 1.9.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-33017");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/26");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:langflow:langflow");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Artificial Intelligence");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("python_langflow_detect.nasl", "langflow_web_detect.nbin");
  script_require_keys("installed_sw/Langflow");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Langflow', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {
          'fixed_version': '1.9.0'
        }
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Apr 2026 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.19.8
CVSS 49.3
EPSS0.98191
SSVC
8