CVE-2026-0769
Published: 23 January 2026
Summary
CVE-2026-0769 is a critical-severity Eval Injection (CWE-95) vulnerability in Langflow. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and CM-7 (Least Functionality).
Deeper analysis
CVE-2026-0769 is an eval injection vulnerability in the eval_custom_component_code function of Langflow that permits remote code execution. The flaw stems from insufficient validation of user-supplied input before it is passed to Python code execution, enabling an attacker to run arbitrary commands in the context of the affected process. The issue carries a CVSS 3.0 score of 9.8 and is tracked under CWE-95; it was originally reported as ZDI-CAN-26972.
Unauthenticated remote attackers can exploit the vulnerability over the network without user interaction to achieve full code execution on the target system. Successful exploitation grants the attacker the ability to read, modify, or delete data and potentially take full control of the Langflow instance.
The Zero Day Initiative advisory ZDI-26-035 provides further details on the issue. The EPSS score rose from a low baseline to a peak of 0.0295, indicating emerging exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4475
Vulnerability details
Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the eval_custom_component_code function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26972.
- CWE(s): CWE-95 (Eval Injection)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: langflow
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of user-supplied input before it is used in dynamic Python code execution, addressing the root cause of the eval_custom_component_code flaw.
- CM-7 (Least Functionality): Restricts the system to only necessary functionality, limiting or disabling unsafe dynamic code evaluation capabilities that enable the RCE.
- Malicious code detection: Deploys mechanisms to detect and block malicious code patterns or behaviours introduced via the unauthenticated eval injection vector.
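As an added illustration of how SI-10 and CM-7 apply to a custom-component loader (this is example code, not Langflow's own implementation): the dynamic-evaluation path stays disabled unless an operator turns it on, an authenticated caller is required, and a static policy check runs over the submitted source before anything is compiled. All names, the allowlist and the denied-call set are hypothetical; the AST check is defence in depth behind the first two gates, since Python AST filtering on its own is not a sandbox.

```python
import ast
from dataclasses import dataclass

# Hypothetical policy for operator-supplied custom-component source.
DENIED_CALLS = {"eval", "exec", "compile", "__import__", "open",
                "getattr", "setattr", "globals", "locals"}
ALLOWED_MODULES = {"math", "json", "typing"}   # constructed allowlist

@dataclass
class Settings:
    allow_custom_code: bool = False   # CM-7: dynamic evaluation off by default

class PolicyViolation(ValueError):
    """Submitted source failed the static policy check (SI-10)."""

def check_component_source(source: str) -> ast.Module:
    """Static check: allowlisted imports only, no denied builtins, no dunders."""
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as exc:
        raise PolicyViolation(f"syntax error: {exc.msg}") from None
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            mods = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            mods = [node.module or ""]
        else:
            mods = []
        for mod in mods:
            if mod.split(".")[0] not in ALLOWED_MODULES:
                raise PolicyViolation(f"import of {mod!r} not allowed")
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DENIED_CALLS):
            raise PolicyViolation(f"call to {node.func.id}() not allowed")
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            raise PolicyViolation(f"attribute {node.attr!r} not allowed")
        if isinstance(node, ast.Name) and node.id.startswith("__"):
            raise PolicyViolation(f"name {node.id!r} not allowed")
    return tree

def load_custom_component(source: str, user, settings: Settings) -> dict:
    """Gate order: feature flag (CM-7), authentication, static check (SI-10), exec."""
    if not settings.allow_custom_code:
        raise PolicyViolation("dynamic component code is disabled")
    if user is None:   # user: authenticated principal, or None for anonymous
        raise PermissionError("authentication required to load component code")
    tree = check_component_source(source)
    namespace: dict = {}
    # Compile the already-checked tree; no builtins are handed to the component.
    exec(compile(tree, "<component>", "exec"), {"__builtins__": {}}, namespace)
    return namespace
```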