Plattform
python
Komponente
langflow
Behoben in
1.8.1
1.8.1
CVE-2026-27966 is a critical Remote Code Execution (RCE) vulnerability discovered in Langflow, specifically within the CSV Agent node. This flaw allows attackers to execute arbitrary Python and OS commands on the server through prompt injection. The vulnerability impacts versions of Langflow up to and including 1.8.0rc2, and a fix is available in version 1.8.0.
The impact of CVE-2026-27966 is severe. An attacker can leverage prompt injection within the CSV Agent node to execute arbitrary Python code. Because allowdangerouscode is hardcoded to True, no additional configuration is required for exploitation. This allows for direct execution of OS commands, granting the attacker full control over the affected server. The blast radius extends to any data processed by the CSV Agent, as an attacker could exfiltrate sensitive information or modify data. This vulnerability shares similarities with other prompt injection attacks targeting LLM-powered applications, highlighting the importance of secure coding practices and input validation.
CVE-2026-27966 was publicly disclosed on 2026-02-27. The vulnerability is considered high probability due to the ease of exploitation and the lack of authentication requirements. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's simplicity suggests that a PoC is likely to emerge. It is not currently listed on the CISA KEV catalog.
Organizations utilizing Langflow for data processing and analysis, particularly those relying on the CSV Agent node for interacting with CSV files, are at significant risk. Shared hosting environments where multiple users share the same Langflow instance are especially vulnerable, as a compromised flow could impact other users.
• python / server:
import os
import subprocess
def check_langflow_version():
try:
process = subprocess.run(['pip', 'show', 'langflow'], capture_output=True, text=True)
output = process.stdout
if 'Version:' in output:
version = output.split('Version:')[1].strip().split('\n')[0]
if version <= '1.8.0rc2':
print(f'Langflow version is vulnerable: {version}')
else:
print(f'Langflow version is patched: {version}')
else:
print('Langflow not found.')
except FileNotFoundError:
print('pip not found.')
check_langflow_version()• linux / server:
ps aux | grep -i langflow• generic web: Inspect Langflow flow configurations for the use of the CSV Agent node and review associated prompts for suspicious code.
disclosure
patch
Exploit-Status
EPSS
0.15% (36% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-27966 is to upgrade Langflow to version 1.8.0 or later, which resolves the hardcoded allowdangerouscode=True setting. If upgrading is not immediately feasible, consider implementing strict input validation on any data passed to the CSV Agent node to prevent malicious prompt injection. While a direct workaround is not available, limiting the permissions of the user account running the Langflow application can reduce the potential impact of a successful exploit. After upgrading, confirm the fix by attempting a prompt injection attack and verifying that the Python REPL tool is no longer accessible.
Aktualisieren Sie Langflow auf Version 1.8.0 oder höher. Diese Version behebt die Remote Code Execution-Schwachstelle, indem die Ausführung von gefährlichem Code im CSV Agent Knoten deaktiviert wird. Das Update verhindert die Ausführung beliebiger Befehle auf dem Server.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-27966 is a CRITICAL Remote Code Execution vulnerability in Langflow's CSV Agent node, allowing attackers to execute arbitrary code via prompt injection due to a hardcoded configuration.
You are affected if you are using Langflow versions 1.8.0rc2 or earlier. Upgrade to 1.8.0 or later to resolve the vulnerability.
Upgrade Langflow to version 1.8.0 or later. As a temporary workaround, implement a WAF rule to block suspicious prompts.
While no active exploitation campaigns have been publicly confirmed, the ease of exploitation makes it a high-priority vulnerability and potential for exploitation is high.
Refer to the Langflow project's official release notes and security advisories for details: [https://github.com/langflow-ai/langflow/releases](https://github.com/langflow-ai/langflow/releases)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.