PYSEC-2026-82

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/langflow/PYSEC-2026-82.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2026-82

Aliases

Published

2026-03-27T21:17:23.953Z

Modified

2026-05-20T09:19:04.693650Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments where an attacker can access the Agentic Assistant feature and influence the model output, this can result in arbitrary server-side Python execution. Version 1.9.0 fixes the issue.

References

Affected packages

PyPI / langflow

Package

Name: langflow; View open source insights on deps.dev
Purl: pkg:pypi/langflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.0

Affected versions

0.*

0.0.31

0.0.32

0.0.33

0.0.40

0.0.44

0.0.45

0.0.46

0.0.52

0.0.53

0.0.54

0.0.55

0.0.56

0.0.57

0.0.58

0.0.61

0.0.62

0.0.63

0.0.64

0.0.65

0.0.66

0.0.67

0.0.68

0.0.69

0.0.70

0.0.71

0.0.72

0.0.73

0.0.74

0.0.75

0.0.76

0.0.78

0.0.79

0.0.80

0.0.81

0.0.83

0.0.84

0.0.85

0.0.86

0.0.87

0.0.88

0.0.89

0.1.0

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.2.10

0.2.11

0.2.12

0.2.13

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.4.0

0.4.1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.8

0.4.9

0.4.10

0.4.11

0.4.12

0.4.14

0.4.15

0.4.16

0.4.17

0.4.18

0.4.19

0.4.20

0.4.21

0.5.0a0

0.5.0a1

0.5.0a2

0.5.0a3

0.5.0a4

0.5.0a5

0.5.0a6

0.5.0b0

0.5.0b2

0.5.0b3

0.5.0b4

0.5.0b5

0.5.0b6

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.5.6

0.5.7

0.5.8

0.5.9

0.5.10

0.5.11

0.5.12

0.6.0rc1

0.6.0

0.6.1

0.6.2

0.6.3a0

0.6.3a1

0.6.3a2

0.6.3a3

0.6.3a4

0.6.3a5

0.6.3a6

0.6.3a7

0.6.3

0.6.4a0

0.6.4a1

0.6.4

0.6.5a0

0.6.5a1

0.6.5a2

0.6.5a3

0.6.5a4

0.6.5a5

0.6.5a6

0.6.5a7

0.6.5a8

0.6.5a9

0.6.5a10

0.6.5a11

0.6.5a12

0.6.5a13

0.6.5

0.6.6

0.6.7a1

0.6.7a2

0.6.7a3

0.6.7a5

0.6.7

0.6.8

0.6.9

0.6.10

0.6.11

0.6.12

0.6.14

0.6.15

0.6.16

0.6.17

0.6.18

0.6.19

1.*

1.0.0a0

1.0.0a1

1.0.0a2

1.0.0a3

1.0.0a4

1.0.0a5

1.0.0a6

1.0.0a7

1.0.0a8

1.0.0a9

1.0.0a10

1.0.0a11

1.0.0a12

1.0.0a13

1.0.0a14

1.0.0a15

1.0.0a17

1.0.0a18

1.0.0a19

1.0.0a20

1.0.0a21

1.0.0a22

1.0.0a23

1.0.0a24

1.0.0a25

1.0.0a26

1.0.0a27

1.0.0a28

1.0.0a29

1.0.0a30

1.0.0a31

1.0.0a32

1.0.0a33

1.0.0a34

1.0.0a35

1.0.0a36

1.0.0a37

1.0.0a38

1.0.0a39

1.0.0a40

1.0.0a41

1.0.0a42

1.0.0a43

1.0.0a44

1.0.0a45

1.0.0a46

1.0.0a47

1.0.0a48

1.0.0a49

1.0.0a50

1.0.0a51

1.0.0a52

1.0.0a53

1.0.0a55

1.0.0a56

1.0.0a57

1.0.0a58

1.0.0a59

1.0.0a60

1.0.0a61

1.0.0rc0

1.0.0rc1

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.19.post1

1.0.19.post2

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.4.post1

1.2.0

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4.0

1.4.1

1.4.2

1.4.3

1.5.0

1.5.0.post1

1.5.0.post2

1.5.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7.0

1.7.1

1.7.2

1.7.3

1.8.0rc0

1.8.0rc1

1.8.0rc2

1.8.0rc3

1.8.0rc4

1.8.0rc5

1.8.0rc6

1.8.0

1.8.1

1.8.2

1.8.3rc0

1.8.3

1.8.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/langflow/PYSEC-2026-82.yaml"