{"data":{"id":"e23de4f5-f78a-4fd3-89a0-6192eab7cfe3","title":"CVE-2026-0772: Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows rem","summary":"Langflow contains a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in its disk cache service that allows authenticated attackers to execute arbitrary code by sending maliciously crafted data that the system deserializes (converts from stored format back into usable objects) without proper validation. The flaw exploits insufficient checking of user-supplied input, letting attackers run code with the permissions of the service account.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-0772","publishedAt":"2026-01-23T09:16:04.333Z","cveId":"CVE-2026-0772","cweIds":["CWE-502"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00867,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}