CVE-2026-0771: Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
criticalvulnerability
security
Summary
Langflow, a workflow automation tool, has a vulnerability where attackers can inject malicious Python code into Python function components and execute it on the server (RCE, or remote code execution). The severity and how it can be exploited depend on how Langflow is configured.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentialityavailability
Affected Vendors
LangChain
Related Issues
mediumcritical
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
Same vendorNVD/CVE Database
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Same vendor
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-0771
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 95%