CVE-2026-33873

Summary

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementati

Severity

critical

EPSS

1.4% (p69)

Also known as

GHSA-v8hw-mh8c-jxfc, PYSEC-2026-82

Published

2026-03-27

References

• https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297
• https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31
• https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53

Related advisories

• CVE-2026-55450 — critical · PyPI/langflow
• CVE-2026-48519 — critical · PyPI/langflow
• CVE-2026-42048 — critical · PyPI/langflow
• CVE-2026-33309 — critical · PyPI/langflow
• CVE-2026-33017 — critical · PyPI/langflow
• CVE-2026-27966 — critical · PyPI/langflow
• CVE-2025-34291 — critical · PyPI/langflow
• CVE-2025-3248 — critical · PyPI/langflow

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity