Langflow · Langflow · CVE-2026-0768
**Name of the Vulnerable Software and Affected Versions**
Langflow (affected versions not specified)
**Description**
A flaw exists in Langflow that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied input provided to the `validate` API endpoint. Specifically, the code parameter is not properly sanitized before being used to execute Python code, potentially allowing an attacker to execute code with root privileges.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.