Critical severity · NVD Advisory · Published Feb 26, 2026 · Updated Feb 28, 2026
Langflow has Remote Code Execution in CSV Agent
CVE-2026-27966
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.
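A defender-side check for the pattern described above, as an added example (not Langflow or LangChain code): it walks Python source with `ast` and reports every place `allow_dangerous_code` is set, separating a literal `True` from values that need manual review. The names `make_csv_agent` and `toolkit` and the sample source are constructed for illustration.

```python
import ast

FLAG = "allow_dangerous_code"  # keyword named in the advisory text

def classify(value):
    """Label the expression bound to the flag."""
    if isinstance(value, ast.Constant) and value.value is True:
        return "hardcoded-true"   # the pattern the advisory describes
    if isinstance(value, ast.Constant) and value.value is False:
        return "disabled"
    return "dynamic"              # variable or expression: review by hand

def find_flag_uses(source, filename="<source>"):
    """Return sorted (line, where, verdict) for every use of FLAG."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            # Direct keyword argument: f(..., allow_dangerous_code=X)
            for kw in node.keywords:
                if kw.arg == FLAG:
                    findings.append(
                        (node.lineno, ast.unparse(node.func), classify(kw.value)))
        elif isinstance(node, ast.Dict):
            # Kwargs dict later splatted into a call: {"allow_dangerous_code": X}
            for key, value in zip(node.keys, node.values):
                if isinstance(key, ast.Constant) and key.value == FLAG:
                    findings.append((key.lineno, "<dict literal>", classify(value)))
    return sorted(findings)

def hardcoded(findings):
    """Only the findings where the flag is pinned to True."""
    return [f for f in findings if f[2] == "hardcoded-true"]

# Constructed sample source; function names are hypothetical.
SAMPLE = '''
agent_kwargs = {"verbose": True, "allow_dangerous_code": True}

def build_a(llm, path):
    return make_csv_agent(llm, path, allow_dangerous_code=True)

def build_b(llm, path, opt_in=False):
    return make_csv_agent(llm, path, allow_dangerous_code=opt_in)

def build_c(llm, path):
    return toolkit.make_csv_agent(llm, path, allow_dangerous_code=False)
'''

if __name__ == "__main__":
    for line, where, verdict in find_flag_uses(SAMPLE):
        print(f"line {line}: {where}: {verdict}")
```

Run over a source tree in CI, a non-empty `hardcoded(...)` result is a reasonable build failure condition; `dynamic` results still need a reviewer to confirm where the value comes from.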
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| langflow (PyPI) | <= 1.8.0rc2 | — |
Affected products
- Range: < 1.8.0
References
- github.com/advisories/GHSA-3645-fxcv-hqr4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-27966 (ghsa, ADVISORY)
- github.com/langflow-ai/langflow/commit/d8c6480daa17b2f2af0b5470cdf5c3d28dc9e508 (ghsa, x_refsource_MISC, WEB)
- github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4 (ghsa, x_refsource_CONFIRM, WEB)
News mentions
- Metasploit Wrap-Up 04/25/2026 · Rapid7 Blog · Apr 24, 2026