CNNVD-202601-4175 Information
Jan 23, 2026
cve
CNNVD ID
CNNVD-202601-4175
Related CVE
- CNNVD Published: 2026-01-23
Description (Chinese)
Langflow是Langflow开源的一个用于构建多代理和 RAG 应用程序的可视化框架。 Langflow存在代码问题漏洞,该漏洞源于磁盘缓存服务缺乏对用户提供数据的验证,可能导致反序列化不受信任数据和远程代码执行。
Description (English)
Langflow is a visual framework for building multi-agent and RAG applications from Langflow Open Source. Langflow has a code problem loophole, which stems from the lack of validation of data provided by users by the disk cache service, which may result in anti-serialization not being trusted data and remote coded.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
Langflow
Published
2026-01-23
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-26-038/
Patch
https://github.com/langflow-ai/langflow/releases
Share on: