CVE-2026-27966
- CVSS v3 base score: 9.8 (CRITICAL)
- EPSS score: 36.6% (exploit probability)
- CISA KEV: No (not listed as known exploited)
- SSVC exploitation status: none listed
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.
Technical Details
- CVSS version: 3.1
- Published: 2/26/2026
- Last Modified: 2/27/2026
Frequently Asked Questions
Is CVE-2026-27966 actively exploited?
Active exploitation of CVE-2026-27966 has not been confirmed. The EPSS score is 36.6%, which is the estimated probability that exploitation activity is observed within the next 30 days.
What is the CVSS score for CVE-2026-27966?
CVE-2026-27966 has a CVSS v3.1 base score of 9.8 (CRITICAL severity).