cbcvebase.
CVE-2026-27966
published 2026-02-26

CVE-2026-27966: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes…

PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
33.69%
98.2th percentile
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.

Affected

3 ranges
VendorProductVersion rangeFixed in
langflow-ailangflow< 1.8.01.8.0
langflowlangflow< 1.8.01.8.0
langflowlangflow0 – 1.8.0rc2

Detection & IOCsextracted from sources · hover to see the quote

pathmulti/http/langflow_rce_cve_2026_27966
processpython_repl_ast
  • Detect exploitation attempts by monitoring for HTTP requests that craft and send a specially-crafted flow containing Python code targeting the CSV Agent node endpoint in Langflow instances running versions prior to 1.8.0.
  • Alert on any Langflow process spawning unexpected OS-level child processes, as the vulnerability allows arbitrary OS command execution via the exposed python_repl_ast REPL tool through prompt injection.
  • ·The attack vector is prompt injection — exploitation requires the attacker to influence the prompt/input processed by the CSV Agent node, not a direct API call alone.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.