cbcvebase.
CVE-2026-48519
published 2026-06-23

CVE-2026-48519: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains…

PriorityP359critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
EPSS
0.69%
48.1th percentile
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link. Specifically, it enables the route /api/v1/build_public_tmp to execute any public flow, given a public flow ID. When the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload. The vulnerable field is data.nodes[X].data.node.template.code.value. This vulnerability is fixed in 1.9.2.

Affected

3 ranges
VendorProductVersion rangeFixed in
langflow-ailangflow< 1.9.21.9.2
langflowlangflow< 1.9.21.9.2
langflowlangflow>= 0 < 1.9.21.9.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.