alvinhidayatullah

2 exploits Active since Feb 2026
CVE-2026-27966 GITHUB CRITICAL python WORKING POC
Langflow < 1.8.0 - Remote Code Execution via CSV Agent Node
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.
10 stars
CVSS 9.8
CVE-2026-27966 NOMISEC CRITICAL WORKING POC
Langflow < 1.8.0 - Remote Code Execution via CSV Agent Node
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.
CVSS 9.8