CVE-2026-0768

Name of the Vulnerable Software and Affected Versions Langflow (affected versions not specified)

Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied input provided to the validate API endpoint. Specifically, the code parameter is not properly sanitized before being used to execute Python code, potentially allowing an attacker to execute code with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.