CVE-2026-0771: Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
criticalvulnerability
security
Summary
Langflow, a workflow automation tool, has a vulnerability where attackers can inject malicious Python code into Python function components and execute it on the server (RCE, or remote code execution). The severity and how it can be exploited depend on how Langflow is configured.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentialityavailability
Affected Vendors
LangChain
Related Issues
criticalcritical
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Same vendorNVD/CVE Database
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Same vendor
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-0771
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 95%