Skip to main content

Langflow CVE-2026-7700

| EUVDEUVD-2026-26838 LOW
Code Injection (CWE-94)
2026-05-03 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
May 03, 2026 - 15:22 NVD
MEDIUM LOW
CVSS changed
May 03, 2026 - 15:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
PoC Detected
May 03, 2026 - 15:15 vuln.today
Public exploit code
Analysis Generated
May 03, 2026 - 14:45 vuln.today
EUVD ID Assigned
May 03, 2026 - 14:30 euvd
EUVD-2026-26838
Analysis Generated
May 03, 2026 - 14:30 vuln.today
CVE Published
May 03, 2026 - 14:15 nvd
LOW 2.1

DescriptionCVE.org

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Code injection via the eval function in Langflow's LambdaFilterComponent allows remote authenticated attackers to execute arbitrary code with low-to-medium integrity and confidentiality impact. The vulnerability affects Langflow up to version 1.8.4, requires user login (PR:L), and has publicly available exploit code. The vendor did not respond to early disclosure notification.

Technical ContextAI

The vulnerability exists in the LambdaFilterComponent's eval function (src/lfx/src/lfx/components/llm_operations/lambda_filter.p) which improperly handles user-supplied input without adequate sanitization or sandboxing. The weakness is classified as CWE-94 (Code Injection), a class of flaws where untrusted data is passed to an interpreter or evaluator function without proper validation. In Python and similar languages, eval() functions execute arbitrary code with full interpreter privileges. Langflow's Lambda filter component likely uses Python's eval() or similar constructs to process filter expressions, allowing attackers who can craft malicious input through the Langflow interface to break out of intended code execution boundaries.

RemediationAI

Upgrade Langflow to a version newer than 1.8.4 once a patched release is available; however, no vendor-released patch version is identified in provided data. Immediate compensating controls should include: (1) Restrict network access to Langflow deployments using firewall rules or VPN-only access, reducing exposure to remote attackers despite PR:L requirement; (2) Disable or remove the LambdaFilterComponent from the Langflow UI if the lambda filter feature is not in use, eliminating the attack surface; (3) Implement strict input validation on lambda filter expressions by intercepting and sanitizing filter parameters before they reach the eval function (requires code modification if no configuration option exists); (4) Run Langflow with minimal Python privileges and in isolated environments (containers, dedicated user accounts) to limit impact if code injection succeeds; (5) Monitor and audit lambda filter usage for suspicious patterns. Contact langflow-ai for patch availability and timeline given their non-response to disclosure.

CVE-2025-3248 CRITICAL POC
9.8 Apr 07

Langflow before 1.3.0 allows unauthenticated remote code injection through the /api/v1/validate/code endpoint, enabling

CVE-2025-34291 CRITICAL POC
9.4 Dec 05

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote cod

CVE-2026-27966 CRITICAL POC
9.8 Feb 26

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary

CVE-2026-0770 CRITICAL POC
9.8 Jan 23

Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%) allowing inclusion of untrusted code that executes

CVE-2024-48061 CRITICAL POC
9.8 Nov 04

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the

CVE-2024-42835 CRITICAL POC
9.8 Oct 31

langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.

CVE-2024-37014 CRITICAL POC
9.8 Jun 10

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_compo

CVE-2026-21445 CRITICAL POC
9.1 Jan 02

Langflow before 1.7.0.dev45 exposes multiple API endpoints without authentication, allowing unauthenticated access to us

CVE-2024-7297 HIGH POC
8.8 Jul 30

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged

CVE-2026-0768 CRITICAL
9.8 Jan 23

Langflow has a code injection vulnerability in the code component (EPSS 2.6%) enabling remote code execution through the

CVE-2026-0769 CRITICAL
9.8 Jan 23

Langflow has an eval injection in eval_custom_component_code (EPSS 2.0%) enabling remote code execution through crafted

CVE-2026-10134 CRITICAL
10.0 Jun 30

Remote code execution in IBM Langflow OSS 1.0.0 through 1.9.3 lets an unauthenticated attacker inject and run arbitrary

Share

CVE-2026-7700 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy