CVE-2026-27966 CRITICAL

CVE-2026-27966: Langflow has Remote Code Execution in CSV Agent

Vendor Langflow-Ai
Product langflow
Weakness CWE-94 · Code injection
Published February 26, 2026
Last update February 28, 2026

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.
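The root cause named above is a configuration value baked into source rather than a runtime bug, so the most useful defensive check is a static one: find every call that passes `allow_dangerous_code=True`, and confirm the deployed version is at or past 1.8.0. The following audit helper is an added example and is not Langflow's or LangChain's own code; the `SAMPLE_SOURCE` it scans is a constructed snippet that only mimics the pattern the advisory describes, and the `create_csv_agent` call name inside it is illustrative. The keyword name and the fixed version come from the advisory text.

```python
import ast
import re
from pathlib import Path

# Constructed sample in the shape the advisory describes; NOT Langflow's real source.
SAMPLE_SOURCE = '''
from langchain_experimental.agents import create_csv_agent

def build_agent(llm, path):
    return create_csv_agent(llm, path, allow_dangerous_code=True)

def build_safe_agent(llm, path):
    return create_csv_agent(llm, path, allow_dangerous_code=False)

def build_other(llm, path):
    return create_csv_agent(llm, path)
'''

# Keyword the advisory identifies as the dangerous hardcoded setting.
FLAGGED_KEYWORD = "allow_dangerous_code"

# First fixed release according to the advisory.
FIXED_VERSION = (1, 8, 0)


def _call_name(func):
    """Render the callee of an ast.Call as dotted text, e.g. 'mod.create_csv_agent'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return f"{_call_name(func.value)}.{func.attr}"
    return "<dynamic>"


def find_dangerous_code_flags(source, filename="<string>"):
    """Return [(lineno, callee)] for every call passing allow_dangerous_code=True.

    Walks the AST instead of grepping so that comments, strings and
    allow_dangerous_code=False do not produce false positives.
    """
    tree = ast.parse(source, filename=filename)
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if (kw.arg == FLAGGED_KEYWORD
                    and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                hits.append((node.lineno, _call_name(node.func)))
    return hits


def scan_tree(root):
    """Scan every .py file under root; return {path: hits} for files with findings."""
    findings = {}
    for path in Path(root).rglob("*.py"):
        try:
            hits = find_dangerous_code_flags(path.read_text(encoding="utf-8"), str(path))
        except (SyntaxError, UnicodeDecodeError):
            continue  # skip files that are not parseable Python
        if hits:
            findings[str(path)] = hits
    return findings


def is_fixed_version(version):
    """True if a dotted version string is >= 1.8.0 (assumes plain MAJOR.MINOR.PATCH)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups()) >= FIXED_VERSION


if __name__ == "__main__":
    for lineno, callee in find_dangerous_code_flags(SAMPLE_SOURCE, "sample.py"):
        print(f"sample.py:{lineno}: {callee}() passes {FLAGGED_KEYWORD}=True")
    for v in ("1.7.2", "1.8.0"):
        print(f"langflow {v}: {'fixed' if is_fixed_version(v) else 'vulnerable'}")
```

Running the file against a real checkout means calling `scan_tree("/path/to/langflow")` in place of the constructed sample; the version check is a complement, not a substitute, because a patched version with the flag re-enabled locally is still exposed.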

Key dates

Disclosure timeline

February 26, 2026 CVE published
February 28, 2026 Record updated