PT-2026-2000 · Langflow · Langflow

Alfredo Oliveira +3 · Published 2026-01-09 · Updated 2026-05-30 · CVE-2026-0770

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Langflow (affected versions not specified)

Description: A flaw exists in Langflow that allows remote attackers to execute arbitrary code. Authentication is not required for exploitation. The issue stems from the inclusion of functionality from an untrusted control sphere when handling the exec globals parameter provided to the validate endpoint. Successful exploitation allows an attacker to execute code in the context of root.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-0770
GHSA-G22F-V6F7-2HRH
ZDI-26-036

Affected Products

Langflow