{"data":{"id":"a85571c9-2de9-4897-89cf-44502d82d129","title":"CVE-2026-0770: Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability","summary":"Langflow contains a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) in how it handles the exec_globals parameter at the validate endpoint, allowing unauthenticated attackers to execute arbitrary code with root-level privileges. The flaw stems from including functionality from an untrusted source without proper validation.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-0770","publishedAt":"2026-01-23T09:16:04.063Z","cveId":"CVE-2026-0770","cweIds":["CWE-829"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.10008,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-437"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}