6 matches found

ATTACKERKB
added 2026/03/24 1:14 p.m., 3 views

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

CVSS 8.7 | AI score 5.8 | EPSS 0.07992
Exploits: 1 | References: 2 | Affected Software: 1

Snyk
added 2026/02/26 6:18 a.m., 6 views

Arbitrary Code Injection

Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool...

CVSS 9.8 | AI score 6 | EPSS 0.33694
Exploits: 3 | References: 2

Snyk
added 2026/01/23 5:8 a.m., 4 views

Arbitrary Code Injection

Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root...

CVSS 9.8 | AI score 7.6 | EPSS 0.02035
Exploits: 1 | References: 2

Snyk
added 2026/01/23 5:8 a.m., 5 views

Arbitrary Code Injection

Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by...

CVSS 7.5 | AI score 7.4 | EPSS 0.00551
Exploits: 1 | References: 2

Snyk
added 2026/01/23 5:8 a.m., 6 views

Eval Injection

Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Eval Injection via the evalcustomcomponentcode function. An attacker can execute arbitrary code by supplying a crafted...

CVSS 9.8 | AI score 7.6 | EPSS 0.33827
Exploits: 1 | References: 2

BDU FSTEC
added 2025/06/13 12:0 a.m., 7 views

The vulnerability of the HTTP Request Handler component of the Langflow agent and workflow creation/deployment tool allows an attacker to execute arbitrary code.

The vulnerability of the HTTP Request Handler component of the Langflow agent and process creation/deployment tool is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 8.5 | EPSS 0.99968
Exploits: 33 | References: 6 | Affected Software: 1