{"data":{"id":"78e30f0c-36f7-4208-b4cf-2873c6eff5f1","title":"CVE-2026-33475: Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection","summary":"Langflow versions before 1.9.0 have a shell injection vulnerability in GitHub Actions workflows where unsanitized GitHub context variables (like branch names and pull request titles) are directly inserted into shell commands, allowing attackers to execute arbitrary commands and steal secrets like the GITHUB_TOKEN by creating a malicious branch or pull request. This vulnerability can lead to secret theft, infrastructure manipulation, or supply chain compromise during CI/CD (continuous integration/continuous deployment, the automated testing and deployment process) execution.","solution":"Upgrade to version 1.9.0, which patches the vulnerability. Additionally, the source recommends refactoring affected workflows to use environment variables with double quotes instead of direct interpolation: assign the GitHub context variable to an environment variable first (e.g., `env: BRANCH_NAME: ${{ github.head_ref }}`), then reference it in `run:` steps with double quotes (e.g., `echo \"Branch is: \\\"$BRANCH_NAME\\\"\"`), and avoid direct `${{ ... }}` interpolation inside `run:` for any user-controlled values.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-33475","publishedAt":"2026-03-24T13:16:04.030Z","cveId":"CVE-2026-33475","cweIds":["CWE-74","CWE-78"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-24T13:16:04.030Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}