PT-2026-27428 · Langflow · Langflow
Huseyingulsin · Published 2026-03-24 · Updated 2026-03-25 · CVE-2026-33475
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Langflow versions prior to 1.9.0
Description
Langflow is susceptible to an unauthenticated remote shell injection issue in GitHub Actions workflows. The issue stems from the unsanitized interpolation of GitHub context variables, such as ${{ github.head_ref }}, within run: steps. This allows attackers to inject and execute arbitrary shell commands by crafting malicious branch names or pull request titles. Successful exploitation can lead to the exfiltration of secrets like GITHUB_TOKEN, manipulation of infrastructure, or compromise of the supply chain during CI/CD execution. The vulnerability exists in workflows located in .github/workflows/ and .github/actions/, specifically in files like action.yml, deploy-docs-draft.yml, docker-build.yml, release_nightly.yml, python_test.yml, and typescript_test.yml. The API endpoints are not directly involved in the vulnerability, but the GitHub Actions workflows are triggered by events related to branch and pull request creation. The vulnerable parameters are the GitHub context variables, such as github.head_ref and github.event.pull_request.title.
Recommendations
Versions prior to 1.9.0 should be updated to version 1.9.0 or later.
Refactor affected workflows to use environment variables and wrap them in double quotes.
Avoid direct ${{ ... }} interpolation inside run: for any user-controlled value.
Exploit
Fix
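As an added example (not code from the advisory or from the Langflow project), the scanner below flags the pattern described above: an untrusted context such as github.head_ref or github.event.pull_request.title expanded with ${{ ... }} directly inside a run: step. The embedded vulnerable step and its hardened form (value passed through env: and referenced as a double-quoted shell variable) are constructed samples, and the untrusted contexts beyond the two the advisory names are an assumption taken from GitHub's Actions hardening guidance.

```python
"""Flag untrusted ${{ ... }} context expansion inside run: steps of GitHub Actions YAML."""
import re

# Contributor-controlled contexts: head_ref and pull_request.title come from the advisory; the rest are assumed (GitHub hardening guidance).
UNTRUSTED = re.compile(
    r"\bgithub\.(head_ref|event\.(pull_request\.(title|body|head\.(ref|label))"
    r"|issue\.(title|body)|comment\.body|review\.body|head_commit\.message))\b"
)
EXPRESSION = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")  # optional "- " when run: starts a step

def find_unsafe_run_steps(text: str) -> list[tuple[int, str]]:
    """Return (line number, expression) for each untrusted context expanded in a run: step."""
    findings = []
    block_indent = None  # indent of the run: key while its "|" or ">" block scalar is open
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RUN_KEY.match(line)
        if m:
            indent, dash, value = m.groups()
            is_block = value.strip() in {"|", ">", "|-", ">-", "|+", ">+"}
            block_indent = len(indent) + len(dash or "") if is_block else None
            candidate = value  # a one-line run: value is checked directly
        elif block_indent is not None and (not line.strip() or len(line) - len(line.lstrip()) > block_indent):
            candidate = line  # deeper-indented line inside the open block scalar
        else:
            block_indent = None  # a sibling key or the next step ends the run: block
            continue
        for expr in EXPRESSION.findall(candidate):
            if UNTRUSTED.search(expr):
                findings.append((lineno, expr))
    return findings

# Constructed sample in the shape the advisory describes: untrusted contexts expanded inside run:.
VULNERABLE_WORKFLOW = """\
jobs:
  test:
    steps:
      - name: Report branch
        run: |
          echo "Testing ${{ github.head_ref }}"
          echo "PR: ${{ github.event.pull_request.title }}"
"""
# Constructed sample of the recommended shape: the value reaches the shell only through env: and is double-quoted.
HARDENED_STEP = """\
      - name: Report branch
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: echo "Testing $HEAD_REF"
"""
```

Run it over .github/workflows/*.yml and .github/actions/*/action.yml in CI to catch the pattern before a workflow ships; the env: form is still flagged only if the expression is moved back into run:.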
OS Command Injection
Special Elements Injection
Related Identifiers
Affected Products
Langflow