Is there a public PoC exploit available for CVE-2026-6599?

Yes, a public proof-of-concept exploit is available for CVE-2026-6599. Prioritise patching immediately. EPSS: 0.0%.

Langflow CVE-2026-6599

Q: What is the CVSS score of CVE-2026-6599?

CVE-2026-6599 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-23762 LOW

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

2026-04-20 VulDB

Code Injection Langflow

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:12 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:12 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

CVSS changed

Apr 20, 2026 - 04:22 NVD

6.3 (MEDIUM) 5.3 (MEDIUM)

Analysis Generated

Apr 20, 2026 - 04:08 vuln.today

EUVD ID Assigned

Apr 20, 2026 - 04:00 euvd

EUVD-2026-23762

Analysis Generated

Apr 20, 2026 - 04:00 vuln.today

CVE Published

Apr 20, 2026 - 03:00 nvd

LOW 2.1

DescriptionCVE.org

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument X-Forwarded-For results in injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Code injection in langflow-ai langflow up to version 1.8.3 allows authenticated remote attackers to execute arbitrary code via manipulation of the X-Forwarded-For HTTP header in the Model Context Protocol Configuration API endpoint. The vulnerability affects the get_client_ip function in src/backend/base/langflow/api/v1/mcp_projects.py and has publicly available exploit code; the vendor did not respond to early disclosure notification.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to langflow instance

Delivery

Send crafted HTTP request to MCP API

Exploit

Inject code via X-Forwarded-For header

Execution

Vulnerable get_client_ip function processes header

Persist

Code executed in backend context

Impact

Arbitrary code execution