CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2026/03/28 11:9 p.m.•2 views

CVE-2026-33873

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...

9.3CVSS6.2AI score0.00065EPSS

Exploits1References1

Snyk•added 2026/03/27 9:32 p.m.•2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the Agentic Assistant validation process. An attacker can execute arbitrary server-side Python code by supplying input that causes the assistant to return malicious component code, which is then...

9.9CVSS6AI score0.00065EPSS

Exploits1References2

PyPA•added 2026/03/27 9:17 p.m.•4 views

PYSEC-2026-82

9.9CVSS6.1AI score0.00065EPSS

Exploits1References16Affected Software1

OSV•added 2026/03/27 9:17 p.m.•6 views

PYSEC-2026-82

9.9CVSS6.1AI score0.00065EPSS

Exploits1References16

NVD•added 2026/03/27 9:17 p.m.•0 views

CVE-2026-33873

9.9CVSS0.00065EPSS

Exploits1References16

OSV•added 2026/03/27 8:4 p.m.•1 views

CVE-2026-33873 Langflow has Authenticated Code Execution in Agentic Assistant Validation

9.3CVSS6.2AI score0.00065EPSS

Exploits1References18

ATTACKERKB•added 2026/03/27 8:4 p.m.•1 views

CVE-2026-33873

9.3CVSS6.2AI score0.00065EPSS

Exploits1References17Affected Software1

Cvelist•added 2026/03/27 8:4 p.m.•22 views

CVE-2026-33873 Langflow has Authenticated Code Execution in Agentic Assistant Validation

9.3CVSS0.00065EPSS

Exploits1References16

CVE•added 2026/03/27 8:4 p.m.•3 views

CVE-2026-33873

CVE-2026-33873 affects Langflow. Before v1.9.0, the Agentic Assistant feature can execute LLM-generated Python code during its validation phase, reaching dynamic execution sinks and instantiating the generated class server-side. In deployments where an attacker can access the Agentic Assistant an...

9.9CVSS6.2AI score0.00065EPSS

Exploits1References16Affected Software1

Vulnrichment•added 2026/03/27 8:4 p.m.•1 views

CVE-2026-33873 Langflow has Authenticated Code Execution in Agentic Assistant Validation

9.3CVSS6.2AI score0.00065EPSS

Exploits1References16

CNNVD•added 2026/03/27 12:0 a.m.•4 views

Langflow 代码注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Prior to Langflow 1.9.0, there was a code injection vulnerability. This vulnerability stemmed from the Agentic Assistant feature, which executed Python code generated by the LLM...

9.9CVSS6AI score0.00065EPSS

Exploits1References17

OSV•added 2026/03/26 6:31 p.m.•1 views

GHSA-V8HW-MH8C-JXFC Langflow has Authenticated Code Execution in Agentic Assistant Validation

Description 1. Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class...

9.3CVSS6.6AI score0.00065EPSS

Exploits1References18

Github Security Blog•added 2026/03/26 6:31 p.m.•2 views

Langflow has Authenticated Code Execution in Agentic Assistant Validation

9.9CVSS6.7AI score0.00065EPSS

Exploits1References18Affected Software1

Positive Technologies•added 2026/03/26 12:0 a.m.•2 views

PT-2026-28544

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow's Agentic Assistant feature, prior to version 1.9.0, executes LLM-generated Python code during validation. This implementation allows for arbitrary server-side Python execution if an attack...

9.3CVSS6.4AI score0.00065EPSS

Exploits1References22

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by