Arbitrary Code Execution Vulnerability in Langflow's Agentic Assistant Feature
CVE-2026-33873

9.3 CRITICAL

Key Information:

Status:
Vendor:
CVE Published: 27 March 2026

What is CVE-2026-33873?

Langflow, a platform for building AI-driven agents, contains a vulnerability in its Agentic Assistant feature that allows untrusted input to be executed as server-side Python code. The flaw arises during the validation phase of generated components, where generated content improperly reaches dynamic code-execution sinks. An attacker with access to this feature can manipulate model outputs so that arbitrary code is generated and executed on the server, posing a significant risk to applications built on this tool. The issue has been addressed in version 1.9.0.

Affected Version(s)

langflow < 1.9.0

References

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published
  • Vulnerability reserved
