PT-2026-22107
Author: Weblover12
Published: 2026-02-26
Updated: 2026-04-24
CVE-2026-27966
CVSS v3.1: 9.8 (Critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.8.0
Description: Langflow is a tool for building and deploying AI-powered agents and workflows. In the CSV Agent node, the variable allow_dangerous_code is hardcoded to True, which automatically exposes LangChain's Python REPL tool (python_repl_ast). This allows an attacker to execute arbitrary Python and operating system commands on the server through prompt injection, leading to full Remote Code Execution (RCE). Additionally, some reports indicate a deserialization flaw in the flow import endpoint where malicious YAML payloads can be used to execute arbitrary code without authentication. Over 3,000 instances have been identified globally.
Recommendations: Update to version 1.8.0. Restrict or disable the CSV Agent node in untrusted deployments.

Tags: Exploit, Fix, RCE, Code Injection

Related Identifiers: CVE-2026-27966, GHSA-3645-FXCV-HQR4

Affected Products: Langchain, Langflow