CVE-2026-33873 Langflow 任意代码执行漏洞，影响1.8.3rc0及以下

CVE-2026-33873 影响 Langflow，这是一款用于构建和部署 AI 驱动代理和工作流程的工具。在 1.9.0 版本之前，Langflow 中的“Agentic Assistant”功能会在验证阶段执行 LLM 生成的 Python 代码。虽然此阶段似乎旨在验证生成的组件代码，但实现会达到动态执行汇聚点并在服务器端实例化生成的类。在攻击者可以访问“Agentic Assistant”功能并影响模型输出的部署中，这可能导致远程代码执行 (RCE)。CVSS 分数为 9.5，表明存在一个关键漏洞。在底层服务器上执行任意代码的能力对系统的机密性、完整性和可用性构成重大风险。

Organizations deploying Langflow in production environments, particularly those where the AI models are exposed to untrusted input or where the Agentic Assistant feature is accessible to unauthorized users, are at significant risk. Shared hosting environments utilizing Langflow are also vulnerable, as a compromised model could impact multiple tenants.

• python / server: Monitor Python processes for unexpected or suspicious activity. Use tools like ps or top to identify processes executing unusual Python scripts.

ps aux | grep python

• python / server: Examine server logs for errors or warnings related to code execution within the Agentic Assistant feature. Look for patterns indicative of malicious code injection.

grep -i "error" /var/log/syslog

• python / server: Use system auditing tools to track file modifications within the Langflow installation directory, particularly those related to the Agentic Assistant feature. • generic web: Monitor access logs for requests targeting the Agentic Assistant endpoint, especially those originating from untrusted sources.

1. 2026-03-27Disclosure

   disclosure

1. 已保留2026-03-24
2. 发布日期2026-03-27
3. 修改日期2026-04-02
4. EPSS 更新日期2026-04-04

CVE-2026-33873 的主要缓解措施是将 Langflow 升级到 1.9.0 或更高版本。此版本通过消除验证阶段中 LLM 生成的 Python 代码的执行来修复漏洞。此外，建议审查和强化 Langflow 的安全配置，包括为“Agentic Assistant”功能实施严格的访问控制。监控系统活动以查找异常行为也有助于检测和响应潜在攻击。考虑为“Agentic Assistant”使用沙盒执行环境，以提供额外的保护层。