CVE-2026-0772

High CVSS: 7.5

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability.

The specific flaw exists within the disk cache service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27919.

Vendor

Langflow

Product

Langflow

CWE

CWE-502

Yayın Tarihi

2026-01-23 04:16:04

Güncelleme

2026-02-18 19:05:00

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-502 Langflow HIGH Langflow 2026

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-26-038/

Benzer Kayıtlar

Critical

CVE-2026-33873

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assis…

High

CVE-2026-33484

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/ap…

High

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_p…

Critical

CVE-2026-33475

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection…

Critical

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypas…

Medium

CVE-2026-33053

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_ap…