Cyber Resilience

CVE-2026-0768

Severity: Critical (RCE)

Published: 23 January 2026
Modified: 18 February 2026
KEV Added: not listed
CVSS v3 score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0204 (78.6th percentile)
Risk Priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-0768 is a critical-severity code injection (CWE-94) vulnerability in Langflow (vendor: Langflow). Its CVSS v3 base score is 9.8 (Critical).

Operationally, it ranks in the top 21.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

The vulnerability is AI-related: the affected product is classified under LLM Application Platforms, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

Langflow contains a remote code execution vulnerability that lets unauthenticated attackers run arbitrary Python code on affected installations. The flaw is in the validate endpoint, which accepts a user-supplied code parameter and hands it to the Python interpreter without adequate validation; because the service runs as root, the injected code executes with root privileges. The issue is tracked as CVE-2026-0768 with a CVSS score of 9.8 and was originally reported to the Zero Day Initiative as ZDI-CAN-27322.

An attacker can exploit the weakness over the network, without authentication or user interaction, to achieve full code execution on the target system. Successful exploitation grants the ability to run commands, read or modify data, and potentially take complete control of the affected host.

The EPSS score for this CVE rose from lower values to a peak of 0.0973 on 2026-05-25 before receding to 0.0428, indicating a period of increased exploitation interest after disclosure. The primary public reference is the Zero Day Initiative advisory at https://www.zerodayinitiative.com/advisories/ZDI-26-034/.


Vulnerability details

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code parameter provided to the validate endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27322.

CWE(s)

CWE-94: Improper Control of Generation of Code ('Code Injection')

AI Security Analysis

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: langflow

Related Threats

CVEs Like This One

CVE-2026-33873 (same product: Langflow)
CVE-2026-27966 (same product: Langflow)
CVE-2026-33017 (same product: Langflow)
CVE-2026-33309 (same product: Langflow)
CVE-2026-42048 (same product: Langflow)
CVE-2026-7524 (same product: Langflow)
CVE-2025-34291 (same product: Langflow)
CVE-2026-0770 (same product: Langflow)
CVE-2026-0769 (same product: Langflow)
CVE-2026-33484 (same product: Langflow)

Affected Assets

Vendor: langflow
Product: langflow
Version: 1.4.2

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly requires validation of the user-supplied code parameter before it is passed to the Python interpreter, blocking the injection that leads to unauthenticated RCE.

Privilege restriction (prevent)

Limits the process serving the validate endpoint to non-root privileges, so that successful code execution cannot immediately grant full system control.

AC-3 Access Enforcement (prevent)

Enforces access-control policy on the validate endpoint, so that unauthenticated remote callers cannot reach the code-execution path at all.
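As an added illustration (this is not Langflow's code and is not taken from the advisory), the following Python shows the vulnerable pattern described under Deeper analysis, a handler that hands a user-supplied code string to the interpreter, beside a hardened handler that applies the controls listed above: AC-3 by rejecting unauthenticated callers before the parameter is touched, and SI-10 by size-capping the string and syntax-checking it with ast.parse, which builds a syntax tree but never executes anything. The handler names, the return shapes, the bearer-token scheme, the example token and the size limit are assumptions made for this example; the advisory names only "the validate endpoint" and its code parameter.

```python
"""Vulnerable vs hardened "validate" handler (added example, not Langflow code).

Assumptions not taken from the advisory: function names, the dict return
shapes, the bearer-token check, EXPECTED_TOKEN and MAX_CODE_BYTES.
"""

import ast
import hmac
import os
from typing import Any, Optional

# Constructed secret for the example only; a real service would take it from
# configuration and use its web framework's authentication middleware.
EXPECTED_TOKEN = "example-token"
# Illustrative cap on the code parameter (SI-10 also means bounding size).
MAX_CODE_BYTES = 64 * 1024


def vulnerable_validate(code: str) -> dict[str, Any]:
    """Vulnerable pattern (CWE-94): the user-supplied string is executed.

    Whatever the caller sends runs with the privileges of the server process;
    the advisory notes the affected service ran as root.
    """
    namespace: dict[str, Any] = {}
    exec(code, namespace)  # deliberately vulnerable: executes attacker input
    return {"valid": True,
            "names": sorted(k for k in namespace if k != "__builtins__")}


def syntax_check(code: str) -> dict[str, Any]:
    """SI-10: validate the string without executing it.

    ast.parse only parses. A payload such as "import os; os.system('id')" is
    reported as syntactically valid, and its imports are listed for the
    caller, but nothing in it runs.
    """
    try:
        tree = ast.parse(code, mode="exec")
    except SyntaxError as exc:
        return {"valid": False, "error": f"line {exc.lineno}: {exc.msg}"}
    imports: set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imports.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module)
    return {"valid": True, "imports": sorted(imports)}


def hardened_validate(code: str, auth_header: Optional[str]) -> tuple[int, dict[str, Any]]:
    """AC-3 in front of SI-10: authenticate first, then parse, never exec.

    Returns an (HTTP status, body) pair in the style of a JSON API.
    """
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, {"error": "authentication required"}
    token = auth_header[len("Bearer "):]
    # Constant-time comparison so the token check does not leak by timing.
    if not hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode()):
        return 401, {"error": "invalid token"}
    if len(code.encode()) > MAX_CODE_BYTES:
        return 413, {"error": "code parameter too large"}
    return 200, syntax_check(code)


def running_as_root() -> bool:
    """Privilege check for the process serving the endpoint (POSIX only)."""
    return hasattr(os, "geteuid") and os.geteuid() == 0


if __name__ == "__main__":
    payload = "import os\nMARK = os.getpid()"  # constructed sample input
    print("hardened, no auth:   ", hardened_validate(payload, None))
    print("hardened, with auth: ", hardened_validate(payload, "Bearer " + EXPECTED_TOKEN))
    # The vulnerable handler actually runs the payload: MARK appears in names.
    print("vulnerable:          ", vulnerable_validate(payload))
    if running_as_root():
        print("warning: this process is root; any injection here is a root compromise")
```

The ordering matters: the authentication check runs before the code parameter is read, so an unauthenticated probe never reaches the parser, and the parser itself cannot execute the payload. Running the worker as an unprivileged user (the middle control above) is what bounds the damage if a future bug reintroduces execution.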

References

Zero Day Initiative advisory ZDI-26-034: https://www.zerodayinitiative.com/advisories/ZDI-26-034/