CVE-2026-0769

EUVD-2026-4475

23.01.2026, 04:16

Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of eval_custom_component_code function. The issue results from the lack of proper validation of a user-supplied string before using it to execute python code. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26972.

Eval Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi	CNA	9.8 CRITICAL				CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Affected Products (NVD)

Vendor	Product	Version
langflow	langflow	1.3.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

References

https://www.zerodayinitiative.com/advisories/ZDI-26-035/