CVE-2026-27966
- Source
- https://cve.org/CVERecord?id=CVE-2026-27966
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27966.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-27966
- Aliases
- Published
- 2026-02-26T01:55:18.580Z
- Modified
- 2026-03-03T02:57:08.025496Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Langflow has Remote Code Execution in CSV Agent
- Details
-
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes
allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27966.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-94" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27966.json
- https://github.com/langflow-ai/langflow/commit/d8c6480daa17b2f2af0b5470cdf5c3d28dc9e508
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4
- https://nvd.nist.gov/vuln/detail/CVE-2026-27966
Affected packages
Git / github.com/langflow-ai/langflow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/langflow-ai/langflow
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.1.2
1.1.3
1.1.4
1.2.0
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.2
1.5.0.post1
1.8.0.rc0
1.8.0.rc1
1.8.0.rc2
1.8.0.rc3
v0.*
v0.0.19
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.0.24
v0.0.31
v0.0.32
v0.0.33
v0.0.40
v0.0.44
v0.0.45
v0.0.46
v0.0.52
v0.0.53
v0.0.54
v0.0.55
v0.0.56
v0.0.57
v0.0.58
v0.0.61
v0.0.62
v0.0.63
v0.0.64
v0.0.65
v0.0.66
v0.0.67
v0.0.68
v0.0.69
v0.0.70
v0.0.71
v0.0.72
v0.0.73
v0.0.74
v0.0.75
v0.0.76
v0.0.77
v0.0.78
v0.0.79
v0.0.80
v0.0.81
v0.0.82
v0.0.83
v0.0.84
v0.0.85
v0.0.86
v0.0.87
v0.0.88
v0.0.89
v0.1.0
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.12
v0.4.14
v0.4.15
v0.4.16
v0.4.17
v0.4.18
v0.4.19
v0.4.2
v0.4.20
v0.4.21
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.0a0
v0.5.0a1
v0.5.0a2
v0.5.0a3
v0.5.0a4
v0.5.0a5
v0.5.0a6
v0.5.0b0
v0.5.0b2
v0.5.0b3
v0.5.0b4
v0.5.0b5
v0.5.0b6
v0.5.1
v0.5.10
v0.5.11
v0.5.12
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.0a0
v0.6.0rc1
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.3
v0.6.3a0
v0.6.3a1
v0.6.3a2
v0.6.3a3
v0.6.3a4
v0.6.3a5
v0.6.3a6
v0.6.3a7
v0.6.4
v0.6.4a0
v0.6.4a1
v0.6.5
v0.6.5a0
v0.6.5a1
v0.6.5a10
v0.6.5a11
v0.6.5a12
v0.6.5a13
v0.6.5a2
v0.6.5a3
v0.6.5a4
v0.6.5a5
v0.6.5a6
v0.6.5a7
v0.6.5a8
v0.6.5a9
v0.6.6
v0.6.7
v0.6.7a1
v0.6.7a2
v0.6.7a3
v0.6.7a5
v0.6.8
v0.6.9
v1.*
v1.0.0
v1.0.0a11
v1.0.0a12
v1.0.0a13
v1.0.0a14
v1.0.0a15
v1.0.0a17
v1.0.0a18
v1.0.0a19
v1.0.0a20
v1.0.0a21
v1.0.0a22
v1.0.0a23
v1.0.0a24
v1.0.0a26
v1.0.0a27
v1.0.0a28
v1.0.0a29
v1.0.0a30
v1.0.0a31
v1.0.0a32
v1.0.0a33
v1.0.0a34
v1.0.0a35
v1.0.0a36
v1.0.0a37
v1.0.0a38
v1.0.0a4
v1.0.0a40
v1.0.0a41
v1.0.0a42
v1.0.0a43
v1.0.0a44
v1.0.0a45
v1.0.0a46
v1.0.0a47
v1.0.0a48
v1.0.0a49
v1.0.0a5
v1.0.0a50
v1.0.0a51
v1.0.0a52
v1.0.0a53
v1.0.0a55
v1.0.0a56
v1.0.0a57
v1.0.0a58
v1.0.0a59
v1.0.0a6
v1.0.0a60
v1.0.0a7
v1.0.0a8
v1.0.0rc0
v1.0.0rc1
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1