CVE-2026-27966
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChains Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.23
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2026-27966 are affected in Python-langflow 1.8.0rc2 | Windows |
| Vulnerabilities CVE-2026-27966 are affected in Langflow 1.7.9 | Windows |
| Vulnerabilities CVE-2026-27966 are affected in Python-langflow for linux 1.8.0rc2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234