CVE-2026-0770
Published: 23 January 2026
Summary
CVE-2026-0770 is an uncategorised-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in Langflow. Its CVSS base score is N/A.
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the improper handling of the exec_globals parameter by requiring validation of untrusted inputs, preventing the inclusion of functionality from an untrusted control sphere.
- Addresses the specific flaw in the validate endpoint by mandating timely identification, reporting, and correction of vulnerabilities such as this RCE.
- Limits the actions permitted on unauthenticated endpoints such as validate, so that remote attackers cannot reach the exec_globals parameter without identification or authentication.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct unauthenticated RCE on a public-facing Langflow web application via crafted requests to the validate endpoint maps to T1190; the resulting arbitrary Python code execution via exec_globals maps to T1059.006.
NVD Description
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.
Deeper analysis
CVE-2026-0770 is a remote code execution vulnerability in Langflow, stemming from the improper handling of the exec_globals parameter in the validate endpoint. This flaw enables the inclusion of functionality from an untrusted control sphere, classified under CWE-829 (Inclusion of Functionality from Untrusted Control Sphere). It affects Langflow installations, allowing remote attackers to execute arbitrary code without requiring authentication. The vulnerability was disclosed on January 23, 2026, and previously tracked as ZDI-CAN-27325.
Remote attackers can exploit this vulnerability by sending crafted requests to the validate endpoint, using the exec_globals parameter to inject and execute malicious code. No authentication is needed, so any unauthenticated remote adversary with network access to the affected Langflow instance can reach the flaw. Successful exploitation grants code execution in the context of the root user, potentially leading to full system compromise.
The Zero Day Initiative published an advisory detailing the vulnerability at https://www.zerodayinitiative.com/advisories/ZDI-26-036/, which security practitioners should consult for mitigation guidance and patch information.
Details
- CWE(s)