CVE-2026-33475

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Amendment This was deemed not a vulnerability. Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized interpolatio...

CVE-2026-33475 Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

PT-2026-27428

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow is susceptible to an unauthenticated remote shell injection issue in GitHub Actions workflows. The issue stems from the unsanitized interpolation of GitHub context variables, such as $...