anonhaven
Ad

CVE-2026-27966

CRITICAL CVSS 3.1: 9.8 EPSS 0.23%
Updated Feb 26, 2026
Python
Parameter Value
CVSS 9.8 (CRITICAL)
Type CWE-94 (Code Injection)
Vendor Python
Public PoC No

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE).

Version 1.8.0 fixes the issue.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-94 Code Injection

References 2

https://github.com/langflow-ai/langflow/commit/d8c6480daa17b2f2af0b5470cdf5c3d2…
security-advisories@github.com
https://github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40260

Python

6.9

CVE-2026-40947

Python

2.9

CVE-2026-40192

Python

8.7

CVE-2026-40683

Python

7.7

CVE-2026-5713

Python

5.3