CVE-2026-7700: A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/s
Summary
A code injection vulnerability (CVE-2026-7700) was found in langflow-ai langflow up to version 1.8.4, specifically in the eval function of the LambdaFilterComponent. The vulnerability allows attackers to execute arbitrary code remotely if they have login access, and a working exploit has been publicly released.
Vulnerability Details
6.3(medium)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
network
low
low
none
May 3, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7700
First tracked: May 3, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 92%