CVE-2026-27966
CRITICAL
Langflow <1.8.0 - RCE
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.
Exploits (3)
github
WORKING POC
10 stars
by XiaomingX · python, poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-27966
nomisec
WORKING POC
by Anon-Cyber-Team · poc
https://github.com/Anon-Cyber-Team/CVE-2026-27966--RCE-in-Langflow
metasploit
WORKING POC
EXCELLENT
by weblover12, Takahiro Yokoyama · ruby, poc, python
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb
Scores
CVSS v3
9.8
EPSS
0.0023
EPSS Percentile
45.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (2)
langflow/langflow
< 1.8.0
pypi/langflow
0PyPI
Published
Feb 26, 2026
Tracked Since
Feb 26, 2026