Cyber Resilience

CVE-2026-0769

Critical / RCE

Published: 23 January 2026

Modified: 18 February 2026
KEV Added: not listed
CVSS v3.0 base score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.3383 (98.2nd percentile)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-0769 is a critical-severity Eval Injection (CWE-95) vulnerability in Langflow (vendor: Langflow). Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 1.8% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-0769 is an eval injection vulnerability in the eval_custom_component_code function of Langflow that permits remote code execution. The flaw stems from insufficient validation of user-supplied input before it is passed to Python code execution, enabling an attacker to run arbitrary commands in the context of the affected process. The issue carries a CVSS 3.0 score of 9.8 and is tracked under CWE-95; it was originally reported as ZDI-CAN-26972.

Unauthenticated remote attackers can exploit the vulnerability over the network without user interaction to achieve full code execution on the target system. Successful exploitation grants the attacker the ability to read, modify, or delete data and potentially take full control of the Langflow instance.

The Zero Day Initiative advisory ZDI-26-035 provides further details on the issue. The EPSS score rose from a low baseline to a peak of 0.0295, indicating emerging exploitation interest after disclosure.

Vulnerability details

Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the eval_custom_component_code function.

The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26972.

CWE(s): CWE-95 (Eval Injection)

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keywords (langflow)

Related Threats

CVEs Like This One

CVE-2026-33017 (same product: Langflow)
CVE-2026-33497 (same product: Langflow)
CVE-2026-21445 (same product: Langflow)
CVE-2026-33873 (same product: Langflow)
CVE-2026-33475 (same product: Langflow)
CVE-2026-7528 (same product: Langflow)
CVE-2026-33309 (same product: Langflow)
CVE-2026-3357 (same product: Langflow)
CVE-2026-27966 (same product: Langflow)
CVE-2026-33484 (same product: Langflow)

Affected Assets

Vendor: langflow; product: langflow; version: 1.3.2

Mitigating Controls (NIST 800-53 r5)

SI-10, Information Input Validation (prevent): Directly requires validation of user-supplied input before it is used in dynamic Python code execution, addressing the root cause of the eval_custom_component_code flaw.

CM-7, Least Functionality (prevent): Restricts the system to only necessary functionality, limiting or disabling unsafe dynamic code evaluation capabilities that enable the RCE.

Malicious code protection (prevent, detect): Deploys mechanisms to detect and block malicious code patterns or behaviors introduced via the unauthenticated eval injection vector.
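As an added illustration of what SI-10 and CM-7 mean for the flaw described above (this is not Langflow's code and not the project's fix), user-supplied component source is parsed and checked against an allowlist before it is handed to exec(), and is then run with a reduced builtins namespace. The allowlists, the function names and the test component are constructed for this example.

```python
import ast
import builtins

# Constructed illustration, not Langflow's code: statically validate user-supplied
# component source before it reaches exec(), then run it with a trimmed namespace.
ALLOWED_IMPORTS = {"math", "json", "typing"}  # constructed allowlist for the example
FORBIDDEN_CALLS = {"eval", "exec", "compile", "__import__", "open", "getattr", "globals", "locals", "breakpoint"}

class ComponentCodeError(ValueError):
    pass

def find_violations(source: str) -> list:
    """Return why the source must be rejected; an empty list means it passes."""
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    problems = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            problems += [f"import of {n!r} not allowed" for n in names
                         if n.split(".")[0] not in ALLOWED_IMPORTS]
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in FORBIDDEN_CALLS):
            problems.append(f"call to {node.func.id}() not allowed")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            problems.append(f"dunder attribute {node.attr!r} not allowed")
        elif isinstance(node, ast.Name) and node.id.startswith("__"):
            problems.append(f"dunder name {node.id!r} not allowed")
    return problems

def _guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    if level != 0 or name.split(".")[0] not in ALLOWED_IMPORTS:
        raise ComponentCodeError(f"import of {name!r} not allowed")
    return builtins.__import__(name, globals, locals, fromlist, level)

# Least functionality at runtime: a reduced builtins dict narrows what the
# component can reach but is not a sandbox; run untrusted code out of process too.
SAFE_BUILTINS = {n: getattr(builtins, n) for n in ("len", "range", "min", "max", "sum", "str", "int", "float", "isinstance")}
SAFE_BUILTINS["__import__"] = _guarded_import

def load_component(source: str) -> dict:
    problems = find_violations(source)
    if problems:
        raise ComponentCodeError("; ".join(problems))
    namespace = {"__builtins__": SAFE_BUILTINS}
    exec(compile(source, "<component>", "exec"), namespace)
    return namespace
```

The static check catches the obvious dynamic-execution constructs before any code runs, and the trimmed namespace is a second, independent layer; neither replaces process or container isolation for untrusted component code.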
