Detections
Analytics
Langflow < 1.8.2 Unauthenticated Remote Code Execution
critical Web App Scanning Plugin ID 115176
Synopsis
Langflow < 1.8.2 Unauthenticated Remote Code ExecutionDescription
Langflow versions before 1.8.2 allow unauthenticated remote code execution via the '/api/v1/build_public_tmp/{flow_id}/flow' endpoint. Attacker-supplied flow data with arbitrary Python code in node definitions is passed to exec() without sandboxing, enabling code execution without authentication. This detection is included in the AI and LLM category.Solution
Upgrade to Langflow version 1.8.2 or later.See Also
Plugin Details
Severity: Critical
ID: 115176
Type: remote
Family: Artificial Intelligence
Published: 3/27/2026
Updated: 3/27/2026
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2026-33017
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score Source: CVE-2026-33017
CVSS v4
Risk Factor: Critical
Base Score: 9.3
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS Score Source: CVE-2026-33017
Vulnerability Information
CPE: cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 3/16/2026
CISA Known Exploited Vulnerability Due Dates: 4/8/2026
Reference Information
CVE: CVE-2026-33017
OWASP: 2010-A1, 2010-A3, 2013-A1, 2013-A2, 2017-A1, 2017-A2, 2021-A3, 2021-A7, 2025-A5, 2025-A7
WASC: Insufficient Authentication, OS Commanding
CAPEC: 12, 166, 242, 35, 36, 62, 77
DISA STIG: APSC-DV-000460, APSC-DV-002510
HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a), 164.312(e)
ISO: 27001-A.14.2.5, 27001-A.9.1.2, 27001-A.9.2.3, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-6(1), sp800_53-SI-10
OWASP API: 2019-API7, 2019-API8, 2023-API8
OWASP ASVS: 4.0.2-3.7.1, 4.0.2-5.2.5
PCI-DSS: 3.2-6.5.1, 3.2-6.5.10