CRITICAL 9.8

PYSEC-2025-36

Details

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Affected packages

PyPI / langflow
Introduced in: 0
Fixed in: 1.3.0
Fix: pip install --upgrade 'langflow>=1.3.0'