3 matches found
CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...
CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...
CVE-2026-27966
creationtimestamp| type| source ---|---|--- 2026-02-25 19:06:33+00:00| published-proof-of-concept| https://github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4 2026-02-26 03:00:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mfq7dgl2ih2o 2026-02-26...