CVE-2026-0772: Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows rem
highvulnerability
security
Summary
Langflow contains a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in its disk cache service that allows authenticated attackers to execute arbitrary code by sending maliciously crafted data that the system deserializes (converts from stored format back into usable objects) without proper validation. The flaw exploits insufficient checking of user-supplied input, letting attackers run code with the permissions of the service account.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.9%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
LangChain
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-0772
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 92%