{"data":{"id":"690af72a-8bca-4921-96a8-026dc4e97b89","title":"CVE-2026-0768: Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute ","summary":"Langflow has a critical vulnerability where attackers can execute arbitrary code (commands) on the server without needing to log in, by sending malicious input to the validate endpoint. The flaw occurs because the code parameter is not properly checked before being run as Python code, allowing an attacker to run commands with root-level permissions (the highest system access level).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-0768","publishedAt":"2026-01-23T09:16:03.800Z","cveId":"CVE-2026-0768","cweIds":["CWE-94"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.02587,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}