Skip to content

Create CVE-2026-0770 - Langflow Remote Code Execution#15384

Open
affix wants to merge 4 commits intoprojectdiscovery:mainfrom
affix:patch-1
Open

Create CVE-2026-0770 - Langflow Remote Code Execution#15384
affix wants to merge 4 commits intoprojectdiscovery:mainfrom
affix:patch-1

Conversation

@affix
Copy link
Contributor

@affix affix commented Feb 18, 2026

PR Information

Added CVE-2026-0770 Langflow - Remote Code Execution via validate_code() exec()

https://nvd.nist.gov/vuln/detail/CVE-2026-0770
https://github.com/affix/CVE-2026-0770-PoC

Template validation

  • Validated with a host running a vulnerable version and/or configuration (True Positive)
  • Validated with a host running a patched version and/or configuration (avoid False Positive)

There is no patched version

Additional Details (leave it blank if not applicable)

Additional References:

@Akokonunes
Update CVE-2026-0770 details and remediation
84e7559 
Langflow contains a remote code execution vulnerability caused by untrusted control sphere inclusion in the exec_globals parameter, allowing remote attackers to execute arbitrary code as root without authentication.
@Akokonunes Akokonunes added the Done Ready to merge label Feb 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DhiyaneshGeek DhiyaneshGeek Awaiting requested review from DhiyaneshGeek

Assignees

@Akokonunes Akokonunes

Labels

Done Ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@affix @Akokonunes

Comments