CVE-2026-0770

CRITICAL · EXPLOITED · NUCLEI

Langflow validate exec_globals - Unauthenticated Root Code Execution


Exploitation Summary

CVE-2026-0770 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 9 public exploits from researchers including Diamorphine, XiaomingX and affix; a Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated remote code execution vulnerability in Langflow 1.2.0 by abusing the `exec_globals` parameter in the `/api/v1/validate/code` endpoint. It leverages Python's `subprocess.run` to execute arbitrary commands, with support for both authenticated and unauthenticated exploitation paths.

Description

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.
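The advisory states two things that are easier to reason about in code: the endpoint runs the submitted code through `exec()`, and a caller-supplied `exec_globals` dictionary is merged into the namespace that code runs in. The following is an added illustration written for this page; it is not Langflow's source and not any of the PoCs listed below. `validate_code_vulnerable`, `validate_code_safe`, the `MARKER` list and the `PAYLOAD` string are names constructed here. It shows that `exec()` over a payload that only defines a function still evaluates that function's default-argument expression at definition time, that the caller's globals decide what the payload can reach, and that the error string returned to the caller is a return channel; the hardened variant parses with `ast` and never evaluates anything.

```python
"""
exec()-based "validation" is execution; ast.parse-based validation is not.

Added example, not Langflow's code. Function names, MARKER and PAYLOAD are
constructed for the demonstration and mirror only the pattern the advisory
describes (exec() over user-supplied code with caller-supplied globals).
"""
import ast
import builtins
from typing import Any, Optional

# Constructed payload. It only *defines* a function and never calls it,
# yet Python evaluates default-argument expressions when the `def` runs,
# so exec() performs MARKER.append(...) immediately.
MARKER: list = []
PAYLOAD = """
def f(x=MARKER.append('ran at definition time')):
    pass
"""


def validate_code_vulnerable(code: str, exec_globals: Optional[dict] = None) -> dict:
    """Vulnerable pattern: exec() the code to see whether it 'works'.

    Merging a caller-controlled exec_globals into the namespace is the
    'inclusion of functionality from an untrusted control sphere' the
    advisory names: the caller chooses which objects the code can reach.
    The exception text handed back is a ready-made output channel.
    """
    namespace: dict[str, Any] = {"__builtins__": builtins}
    namespace.update(exec_globals or {})
    try:
        exec(code, namespace)  # executes, it does not merely validate
    except Exception as exc:  # permissive, like a validator that reports any error
        return {"valid": False, "error": str(exc)}
    return {"valid": True, "error": None}


def _is_literal(node: ast.AST) -> bool:
    """True for constants and containers of constants: nothing that calls or looks up."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.USub, ast.UAdd)):
        return _is_literal(node.operand)
    if isinstance(node, (ast.Tuple, ast.List, ast.Set)):
        return all(_is_literal(e) for e in node.elts)
    if isinstance(node, ast.Dict):
        return all(k is not None and _is_literal(k) and _is_literal(v)
                   for k, v in zip(node.keys, node.values))
    return False


def validate_code_safe(code: str) -> dict:
    """Hardened pattern: parse only.

    ast.parse compiles to a syntax tree and evaluates nothing, so default
    arguments, decorators and module-level statements stay inert. There is
    no namespace to inject into, so no exec_globals parameter is accepted.
    Suspicious constructs are reported as findings for a human to review.
    """
    try:
        tree = ast.parse(code, mode="exec")
    except SyntaxError as exc:
        return {"valid": False, "error": f"{exc.msg} (line {exc.lineno})", "findings": []}

    findings: list = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            # Default-argument expressions would run at definition time under exec().
            defaults = list(node.args.defaults) + [d for d in node.args.kw_defaults if d is not None]
            for d in defaults:
                if not _is_literal(d):
                    findings.append(f"line {d.lineno}: non-literal default argument {ast.unparse(d)!r}")
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # Dunder access is the usual route from a harmless object to interpreter internals.
            findings.append(f"line {node.lineno}: dunder attribute access .{node.attr}")
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = ", ".join(a.name for a in node.names)
            findings.append(f"line {node.lineno}: import of {names}")
    return {"valid": True, "error": None, "findings": findings}


if __name__ == "__main__":
    print(validate_code_vulnerable(PAYLOAD, {"MARKER": MARKER}), MARKER)
    print(validate_code_safe(PAYLOAD))
```

Run as a script, the vulnerable path reports the payload as valid and `MARKER` now holds the string appended at definition time; the safe path reports the same payload as syntactically valid, lists the non-literal default argument as a finding, and leaves `MARKER` untouched.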

Exploits (9)

exploitdb · WORKING POC
by Diamorphine · python · webapps · multiple
https://www.exploit-db.com/exploits/52597

This exploit demonstrates an unauthenticated remote code execution vulnerability in Langflow 1.2.0 by abusing the `exec_globals` parameter in the `/api/v1/validate/code` endpoint. It leverages Python's `subprocess.run` to execute arbitrary commands, with support for both authenticated and unauthenticated exploitation paths.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Langflow 1.2.0
Auth: not needed
Prerequisites: Network access to target · Target running Langflow 1.2.0
Analyzed by devstral-2 on May 30, 2026
github · WORKING POC · 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-0770

This repository contains a functional exploit for CVE-2026-0770, a remote code execution vulnerability in Langflow's `validate_code()` function, which uses `exec()` on user-supplied Python code without sandboxing. The PoC leverages Python's default argument evaluation and generator `.throw()` to execute arbitrary commands and exfiltrate output via error responses.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Langflow (latest as of 7 Feb 2026)
Auth: not needed
Prerequisites: Network access to the target Langflow instance · Default configuration with `AUTO_LOGIN=true` or valid JWT token
Analyzed by devstral-2 on Feb 27, 2026
nomisec · WORKING POC · 1 star
by affix · remote
https://github.com/affix/CVE-2026-0770-PoC

This repository contains a functional exploit for CVE-2026-0770, a remote code execution vulnerability in Langflow's `validate_code()` function. The exploit leverages Python's `exec()` with a crafted payload using generator `.throw()` to execute arbitrary commands and exfiltrate output via error responses.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Langflow (latest as of 7 Feb 2026)
Auth: not needed
Prerequisites: Network access to target · Default or known credentials if auto-login is disabled
Analyzed by devstral-2 on Feb 18, 2026
github · WORKING POC
by diamorphine666 · python · remote
https://github.com/diamorphine666/CVE-2026-0770

This repository contains a functional exploit for CVE-2026-0770, targeting Langflow < 1.3.0. The exploit leverages the `validate_code()` endpoint's `exec()` functionality to achieve remote code execution (RCE) via crafted Python code injection. It supports both authenticated and unauthenticated exploitation paths.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Langflow < 1.3.0
Auth: not needed
Prerequisites: Network access to target · Langflow API endpoint exposed
Analyzed by devstral-2 on May 24, 2026
github · WORKING POC
by XZ1r0 · python · poc
https://github.com/XZ1r0/cve-2026-poc-collection/tree/main/other/CVE-2026-0770-PoC

This repository contains a functional exploit for CVE-2026-0770, demonstrating remote code execution in Langflow via the `/api/v1/validate/code` endpoint. The exploit leverages Python's `exec()` function with a crafted payload that executes arbitrary commands through default argument evaluation.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Langflow (latest as of 7 Feb 2026)
Auth: required
Prerequisites: Default credentials (langflow/langflow) · AUTO_LOGIN=true (default config)
Analyzed by devstral-2 on May 21, 2026
nomisec · WORKING POC
by Ez4rd1x1 · remote
https://github.com/Ez4rd1x1/CVE-2026-0770

This repository contains a functional Python exploit for CVE-2026-0770, an unauthenticated RCE vulnerability in Langflow. The exploit leverages improper input validation in the `/validate` endpoint's `exec_globals` parameter to execute arbitrary commands as the `root` user.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Langflow (versions prior to patch)
Auth: not needed
Prerequisites: Network access to the target Langflow instance
Analyzed by devstral-2 on May 15, 2026
nomisec · WORKING POC
by 0xBlackash · poc
https://github.com/0xBlackash/CVE-2026-0770

The repository contains a functional Python exploit for CVE-2026-0770, targeting Langflow's `/api/v1/validate/code` endpoint. The exploit leverages a vulnerability in the `validate_code()` function, which uses `exec()` on user-supplied code, allowing remote code execution (RCE).

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Langflow (versions up to 1.4.2)
Auth: not needed
Prerequisites: Network access to the target · Default credentials (langflow/langflow) if auto-login is used
Analyzed by devstral-2 on Apr 09, 2026
nomisec · SUSPICIOUS
by Yetazyyy · poc
https://github.com/Yetazyyy/CVE-2026-0770

The repository claims to exploit CVE-2026-0770 in Langflow via an RCE vulnerability but contains only an obfuscated Python script with no clear technical details or functional exploit code. The README lacks depth and pushes users to run the script without explanation.

Classification: Suspicious (90%)
Attack type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Langflow (version unspecified)
Auth: not needed
Prerequisites: Network access to target · Python environment
Analyzed by devstral-2 on Mar 08, 2026
nomisec · WORKING POC
by 0xgh057r3c0n · remote
https://github.com/0xgh057r3c0n/CVE-2026-0770

This repository contains a functional Python exploit for CVE-2026-0770, targeting a remote code execution (RCE) vulnerability in Langflow's `/api/v1/validate/code` endpoint. The exploit leverages Python's generator exception handling to execute arbitrary commands via a crafted payload, with support for auto-login using default credentials.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Langflow (version not specified)
Auth: required
Prerequisites: Target with Langflow API exposed · Default credentials enabled (AUTO_LOGIN=true) · Network access to target
Analyzed by devstral-2 on Feb 25, 2026

Nuclei Templates (1)

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()
CRITICAL · VERIFIED · by affix
Shodan: title:"Langflow"
FOFA: title="Langflow"
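The Shodan and FOFA queries above find exposed instances; the other question an operator has is whether an instance was hit before it was patched. The following is an added retrospective check written for this page, not a Nuclei template and not part of Langflow. The JSON-lines log in `SAMPLE_LOG` is constructed for the example, and its field names (`ts`, `src`, `method`, `path`, `status`, `auth`) plus the `/api/v1/login` route are assumptions to be mapped onto your reverse proxy's format. The rules encode only what this page states: the endpoint is `/api/v1/validate/code`, exploitation needs no authentication, and several of the PoCs above first log in with default credentials when auto-login is enabled.

```python
"""
Retrospective log check for abuse of the Langflow validate endpoint.

Added example, not Langflow or Nuclei code. SAMPLE_LOG is a constructed
JSON-lines proxy log; field names and LOGIN_PATH are assumptions.
"""
import json
from collections import Counter
from datetime import datetime
from typing import Iterable, Iterator

VALIDATE_PATH = "/api/v1/validate/code"   # endpoint named in the advisory
LOGIN_PATH = "/api/v1/login"              # assumed login route, used only by the heuristic

# Constructed sample: two unauthenticated hits accepted with 200, one normal
# authenticated use, one refused hit followed by login and an authenticated
# hit, and unrelated traffic. "auth" abstracts the Authorization header.
SAMPLE_LOG = """\
{"ts":"2026-02-14T10:02:11Z","src":"198.51.100.7","method":"POST","path":"/api/v1/validate/code","status":200,"auth":"none"}
{"ts":"2026-02-14T10:02:12Z","src":"198.51.100.7","method":"POST","path":"/api/v1/validate/code","status":200,"auth":"none"}
{"ts":"2026-02-14T10:03:40Z","src":"10.0.4.21","method":"POST","path":"/api/v1/validate/code","status":200,"auth":"bearer"}
{"ts":"2026-02-14T10:05:02Z","src":"203.0.113.5","method":"POST","path":"/api/v1/validate/code","status":401,"auth":"none"}
{"ts":"2026-02-14T10:05:03Z","src":"203.0.113.5","method":"POST","path":"/api/v1/login","status":200,"auth":"none"}
{"ts":"2026-02-14T10:05:04Z","src":"203.0.113.5","method":"POST","path":"/api/v1/validate/code","status":200,"auth":"bearer"}
{"ts":"2026-02-14T10:06:00Z","src":"192.0.2.9","method":"GET","path":"/api/v1/flows/","status":200,"auth":"bearer"}
"""


def parse(lines: Iterable[str]) -> Iterator[dict]:
    """Yield one record per non-empty JSON line with a parsed UTC timestamp."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        # fromisoformat accepts the explicit offset on every supported Python version.
        rec["time"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        yield rec


def analyze(lines: Iterable[str], login_window_s: int = 120) -> list:
    """Return findings for validate/code requests the server accepted.

    HIGH:   POST to the endpoint, no credentials, answered 200. The page says
            no auth is needed, so this is the direct signal that submitted
            code reached the endpoint's exec().
    MEDIUM: successful login from the same source within login_window_s,
            then an authenticated 200 on the endpoint. This matches the
            default-credential/auto-login path some PoCs take, but also
            ordinary users, so it is triage context rather than an alert.
    Requests answered 401/403 were refused and are not reported.
    """
    findings: list = []
    last_login: dict = {}
    for rec in parse(lines):
        src = rec["src"]
        if rec["method"] == "POST" and rec["path"] == LOGIN_PATH and rec["status"] == 200:
            last_login[src] = rec["time"]
            continue
        if rec["method"] != "POST" or rec["path"] != VALIDATE_PATH or rec["status"] != 200:
            continue
        if rec["auth"] == "none":
            findings.append({"severity": "HIGH", "src": src, "ts": rec["ts"],
                             "reason": "unauthenticated POST to validate/code accepted (200)"})
        elif src in last_login and (rec["time"] - last_login[src]).total_seconds() <= login_window_s:
            findings.append({"severity": "MEDIUM", "src": src, "ts": rec["ts"],
                             "reason": f"login then validate/code within {login_window_s}s"})
    return findings


def by_source(findings: list) -> Counter:
    """Count findings per (source, severity) for a quick triage table."""
    return Counter((f["src"], f["severity"]) for f in findings)


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"{f['severity']:6} {f['ts']} {f['src']:14} {f['reason']}")
    print(by_source(results))
```

An unauthenticated 200 on the endpoint is the signal worth paging on; a 401 shows the request was refused. The login-then-validate pairing will also match a legitimate user who logs in and edits a component, so use it to prioritise which sources to look at, not as an alert by itself.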

References (1)

Third-party advisory (x_research-advisory): https://www.zerodayinitiative.com/advisories/ZDI-26-036/

Scores

CVSS v3: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack vector: NETWORK
EPSS: 0.1766 (percentile 95.3%)

CISA SSVC (Vulnrichment)

Exploitation: none (as recorded in CISA Vulnrichment; VulnCheck KEV lists the CVE as exploited in the wild as of 2026-02-14)
Automatable: yes
Technical impact: total

Details

VulnCheck KEV: 2026-02-14
CWE: CWE-829 (Inclusion of Functionality from Untrusted Control Sphere)
Status: published
Products (2): langflow/langflow 1.4.2 · pypi/langflow (PyPI)
Published: Jan 23, 2026
Tracked since: Feb 18, 2026