langflow
Fixed in
1.9.1
1.9.0
CVE-2026-33873 is a critical Remote Code Execution (RCE) vulnerability affecting Langflow versions up to 1.9.0. The Agentic Assistant feature, designed for validating generated component code, suffers from a flaw that allows attackers to trigger arbitrary server-side Python execution. This vulnerability poses a significant risk to deployments where an attacker can manipulate the model's output, potentially leading to complete system compromise. A fix is available in version 1.9.0.
The impact of CVE-2026-33873 is severe. Successful exploitation allows an attacker to execute arbitrary Python code on the server hosting the Langflow application. This can lead to complete system takeover, data exfiltration, and further malicious activities. The attacker's ability to influence the model output is the key prerequisite, suggesting scenarios where the application interacts with untrusted user input or external data sources that can be manipulated to generate malicious code. The blast radius extends to any sensitive data processed by the Langflow application and potentially to other systems accessible from the compromised server. This vulnerability shares similarities with other code injection flaws where dynamic code execution is enabled through untrusted input, potentially allowing for privilege escalation and lateral movement within the network.
CVE-2026-33873 was publicly disclosed on 2026-03-27. The vulnerability's severity is classified as CRITICAL with a CVSS score of 9.5. There are currently no known public exploits or active campaigns targeting this vulnerability, but the ease of exploitation makes it a high-priority concern. It is not currently listed on the CISA KEV catalog.
Organizations deploying Langflow in production environments, particularly those where the AI models are exposed to untrusted input or where the Agentic Assistant feature is accessible to unauthorized users, are at significant risk. Shared hosting environments utilizing Langflow are also vulnerable, as a compromised model could impact multiple tenants.
• python / server: Monitor Python processes for unexpected or suspicious activity. Use tools like ps or top to identify processes executing unusual Python scripts.
  ps aux | grep python
• python / server: Examine server logs for errors or warnings related to code execution within the Agentic Assistant feature. Look for patterns indicative of malicious code injection.
  grep -i "error" /var/log/syslog
• python / server: Use system auditing tools to track file modifications within the Langflow installation directory, particularly those related to the Agentic Assistant feature.
• generic web: Monitor access logs for requests targeting the Agentic Assistant endpoint, especially those originating from untrusted sources.
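The access-log check from the last bullet, as an added example that is not part of the original advisory or of Langflow itself. It assumes combined-format access logs; the endpoint path `/PLACEHOLDER/agentic-assistant` is a placeholder (the advisory does not name the route), and the trusted network and sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder prefix; replace with the route your deployment
# exposes for the Agentic Assistant (the advisory does not name it).
ASSISTANT_PATH_PREFIX = "/PLACEHOLDER/agentic-assistant"
# Assumption: networks considered trusted for this feature.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparsable source is treated as untrusted
    return any(ip in net for net in TRUSTED_NETWORKS)

def untrusted_assistant_requests(lines):
    """Return (hits, per-IP counts) for assistant requests from untrusted IPs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.startswith(ASSISTANT_PATH_PREFIX) or is_trusted(m["ip"]):
            continue
        hits.append((m["ip"], m["ts"], m["method"], path, int(m["status"])))
    return hits, Counter(h[0] for h in hits)

# Constructed sample lines (not real traffic); "/validate" is also a placeholder.
SAMPLE_LOG = [
    '10.1.2.3 - alice [27/Mar/2026:10:00:01 +0000] "POST /PLACEHOLDER/agentic-assistant/validate HTTP/1.1" 200 512',
    '203.0.113.7 - - [27/Mar/2026:10:00:05 +0000] "POST /PLACEHOLDER/agentic-assistant/validate HTTP/1.1" 200 498',
    '203.0.113.7 - - [27/Mar/2026:10:00:09 +0000] "POST /PLACEHOLDER/agentic-assistant/validate?x=1 HTTP/1.1" 500 120',
    '198.51.100.9 - - [27/Mar/2026:10:01:00 +0000] "GET /health HTTP/1.1" 200 2',
]

if __name__ == "__main__":
    hits, counts = untrusted_assistant_requests(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(dict(counts))
```

Repeated hits from one source, or 5xx responses on this route, are the entries to review first alongside the process and file-modification checks above.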
EPSS: 0.09% (25th percentile)
The primary mitigation for CVE-2026-33873 is to upgrade Langflow to version 1.9.0 or later, which contains the fix. If upgrading immediately is not feasible, consider implementing temporary workarounds. Restrict access to the Agentic Assistant feature to trusted users only. Implement strict input validation and sanitization on any data used to influence the model output. Consider using a Web Application Firewall (WAF) with rules to detect and block suspicious Python code execution attempts. Monitor system logs for unusual Python process activity or unexpected file modifications. After upgrading, confirm the vulnerability is resolved by attempting to trigger the Agentic Assistant feature with a known malicious payload and verifying that it is properly blocked.
Upgrade Langflow to version 1.9.0 or later. This version fixes the arbitrary code execution vulnerability during Agentic Assistant validation. The update prevents an attacker from executing malicious Python code on the server.
CVE-2026-33873 is a critical Remote Code Execution vulnerability in Langflow versions up to 1.9.0. It allows attackers to execute arbitrary Python code on the server through the Agentic Assistant feature if they can influence the model output.
You are affected if you are using Langflow version 1.9.0 or earlier and the Agentic Assistant feature is accessible and potentially influenced by untrusted input.
Upgrade Langflow to version 1.9.0 or later to remediate the vulnerability. If upgrading is not immediately possible, implement strict input validation and restrict access to the Agentic Assistant feature.
As of the current disclosure date, there are no known public exploits or confirmed active exploitation campaigns for CVE-2026-33873.
Refer to the Langflow project's official website and security advisories for the latest information and updates regarding CVE-2026-33873.