2 matches found
langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-33873 via langflow-base (=0.7.2)
langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-33873 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15812241...
CVE-2026-33873
CVE-2026-33873 affects Langflow. Before v1.9.0, the Agentic Assistant feature can execute LLM-generated Python code during its validation phase, reaching dynamic execution sinks and instantiating the generated class server-side. In deployments where an attacker can access the Agentic Assistant an...