GHSA-v5ff-9q35-q26f: Langflow: Unauthenticated RCE in Shareable Playgrounds
criticalvulnerability
security
Summary
Langflow's Shareable Playground feature contains a critical RCE (remote code execution, where an attacker can run commands on a system they don't own) vulnerability that allows unauthenticated users to execute arbitrary Python code. By sharing a flow and then modifying the code field in the API request to the `/api/v1/build_public_tmp` endpoint, an attacker can run malicious commands on the server.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Patch Available
Yes
Disclosure Date
June 16, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationTrivial
Impact (CIA+S)
integrityconfidentiality
Taxonomy References
MITRE ATLAS (AI/ML Threat Technique)
Affected Vendors
LangChain
Affected Packages
langflow@<= 1.9.1 (fixed: 1.9.2)
Related Issues
Monthly digest — independent AI security research
Original source: https://github.com/advisories/GHSA-v5ff-9q35-q26f
First tracked: June 16, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%