langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.
"https://github.com/pypa/advisory-database/blob/main/vulns/langflow/PYSEC-2026-1523.yaml"