Lucene search
+L

801 matches found

snyk
snyk
added 2026/01/23 5:8 a.m.5 views

Arbitrary Code Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by introducing custom Python code into a workflow. Remediati...

7.5CVSS7.4AI score0.00551EPSS
Exploits1References2
snyk
snyk
added 2026/01/23 5:8 a.m.5 views

Deserialization of Untrusted Data

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the disk cache service. An attacker can execute arbitrary code by supplying crafted data that is deserialized without proper validatio...

7.7CVSS7.4AI score0.00897EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2026/01/23 5:8 a.m.3 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-0772 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-0772 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15091577...

7.5CVSS7.1AI score0.00897EPSS
Exploits1
snyk
snyk
added 2026/01/23 5:8 a.m.5 views

Eval Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Eval Injection via the evalcustomcomponentcode function. An attacker can execute arbitrary code by supplying a crafted string that is evaluated without proper validation...

9.8CVSS7.6AI score0.33827EPSS
Exploits1References2
snyk
snyk
added 2026/01/23 5:8 a.m.6 views

Eval Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Eval Injection via the evalcustomcomponentcode function. An attacker can execute arbitrary code by supplying a crafted...

9.8CVSS7.6AI score0.33827EPSS
Exploits1References2
snyk
snyk
added 2026/01/23 5:8 a.m.6 views

Unsafe Dependency Resolution

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the execglobals parameter in the validate endpoint. An attacker can execute arbitrary code by supplying crafted input to this parameter...

9.8CVSS8.9AI score0.10371EPSS
Exploits8References2
vulnersosv
vulnersosv
added 2026/01/23 5:8 a.m.4 views

dzbanek-langflow-base (>=0.6.0 <=0.6.1), langflow-base (>=0.7.0 <=0.8.0rc2) +1 more potentially affected by CVE-2026-0770 via lfx (>=0.1.13 <=0.3.4)

lfx PYPI version =0.1.13, =0.6.0, =0.7.0, =0.8.0rc2 - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-0770 Source advisory: SNYK:PYTHON-LFX-15091579...

9.8CVSS7.2AI score0.10371EPSS
Exploits8
nvd
nvd
added 2026/01/23 4:16 a.m.9 views

CVE-2026-0771

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS0.00551EPSS
Exploits1References1
nvd
nvd
added 2026/01/23 4:16 a.m.7 views

CVE-2026-0772

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...

7.5CVSS0.00897EPSS
Exploits1References1
nvd
nvd
added 2026/01/23 4:16 a.m.14 views

CVE-2026-0768

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS0.02035EPSS
Exploits1References1
nvd
nvd
added 2026/01/23 4:16 a.m.7 views

CVE-2026-0769

Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS0.33827EPSS
Exploits1References1
cve
cve
added 2026/01/23 3:29 a.m.14 views

CVE-2026-0772

CVE-2026-0772 is a Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution vulnerability. The flaw exists in the disk cache service and stems from insufficient validation of user-supplied data, enabling deserialization of untrusted data and code execution in the service accoun...

7.5CVSS6.6AI score0.00897EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2026/01/23 3:29 a.m.4 views

CVE-2026-0772 Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...

7.5CVSS6.6AI score0.00897EPSS
Exploits1References1
cvelist
cvelist
added 2026/01/23 3:29 a.m.34 views

CVE-2026-0772 Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...

7.5CVSS0.00897EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/01/23 3:29 a.m.6 views

CVE-2026-0772

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...

7.5CVSS6.4AI score0.00897EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/01/23 3:29 a.m.11 views

CVE-2026-0772 Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...

7.5CVSS7.6AI score0.00897EPSS
Exploits1References3
cve
cve
added 2026/01/23 3:28 a.m.19 views

CVE-2026-0771

CVE-2026-0771 affects Langflow where the vulnerability stems from the handling of Python function components. The flaw may allow an attacker to introduce custom Python code into a workflow, leading to remote code execution with the application’s context. The root cause involves unsafe handling of...

7.1CVSS6.5AI score0.00551EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/01/23 3:28 a.m.8 views

CVE-2026-0771 Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS7.6AI score0.00551EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/01/23 3:28 a.m.4 views

CVE-2026-0771 Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS6.5AI score0.00551EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/01/23 3:28 a.m.7 views

CVE-2026-0771

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS6.4AI score0.00551EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder