CRITICAL🇵🇱 Wersja polska

CVE-2026-0770

CVSS 9.8v3.0pub. 2026-01-23upd. 2026-02-18

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of the exec_globals parameter passed to the validate endpoint. The application includes resources from an untrusted sphere of control (CWE-829), which allows an attacker to inject and execute malicious code. The exploit requires no authentication or user interaction — it is sufficient to send an appropriately crafted network request.

Impact

An attacker can execute arbitrary code in the context of the root user, which means complete takeover of the compromised system, including access to data, ability to install backdoors, and further lateral movement within the network.

Mitigation & patch

Patches available from the vendor should be applied according to the references. Additionally, until the patch is deployed, it is recommended to restrict network access to the validate endpoint using firewall or access control mechanisms.

Who is affected

Langflow — versions indicated in the vendor's references and in the Zero Day Initiative advisory (ZDI-26-036)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Langflow

    APP
    Langflow
    1.4.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-33017CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Langflow: nieuwierzytelniony RCE przez endpoint budowania publicznych przepływów

CVE-2025-34291CRITICAL9.4⚠ KEVPL ✓ten sam produkt

Langflow: przejęcie konta i RCE przez błędną konfigurację CORS

CVE-2025-3248CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Nieuwierzytelnione RCE w Langflow poprzez wstrzyknięcie kodu w endpoint /api/v1/validate/code

CVE-2026-10140CRITICAL9.6ten sam produkt

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of ...

CVE-2026-10134CRITICAL10.0ten sam produkt

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process...