PT-2026-36703 · Langflow · Langflow
Wenject
·
Published
2026-05-03
·
Updated
2026-05-03
·
CVE-2026-7700
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
langflow versions prior to 1.8.5
Description
A weakness in the LambdaFilterComponent allows for remote code injection. This issue occurs within the
eval() function located in the file src/lfx/src/lfx/components/llm operations/lambda filter.p.Recommendations
Update to a version later than 1.8.4.
As a temporary workaround, restrict the use of the
eval() function within the LambdaFilterComponent.Exploit
Fix
Special Elements Injection
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Langflow