{"data":{"id":"84775246-0476-4a91-b96a-b17e21192d66","title":"CVE-2026-0771: Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers t","summary":"Langflow, a workflow automation tool, has a vulnerability where attackers can inject malicious Python code into Python function components and execute it on the server (RCE, or remote code execution). The severity and how it can be exploited depend on how Langflow is configured.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-0771","publishedAt":"2026-01-23T09:16:04.200Z","cveId":"CVE-2026-0771","cweIds":["CWE-94"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00124,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}