Eval Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Eval Injection via the evalcustomcomponentcode function. An attacker can execute arbitrary code by supplying a crafted string that is evaluated without proper validation...

Langflow security vulnerabilities

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability, which stems from the lack of validation for strings provided by users in the implementation of the evalcustomcomponentcode function. This...

(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of evalcustomcomponentcode function. The issue results from the lack of prop...

PT-2026-1999

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code. This does not require authentication. The issue is due to insufficient validation of user-supplied input...