GHSA-vwmf-pq79-vjvx: Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Summary
Langflow has an unauthenticated remote code execution vulnerability in its public flow build endpoint. The endpoint is designed to be public, but it incorrectly accepts attacker-supplied flow data containing arbitrary Python code, which is executed without sandboxing when the flow is built. An attacker who knows a public flow's ID can exploit this to run any code on the server.
Vulnerability Details
EPSS: 0.0%
March 17, 2026
Original source: https://github.com/advisories/GHSA-vwmf-pq79-vjvx
First tracked: March 17, 2026 at 04:55 PM
Classified by LLM (prompt v3) · confidence: 95%