CNNVD-202601-4177 Information
Jan 23, 2026
cve
CNNVD ID
CNNVD-202601-4177
Related CVE
- CNNVD Published: 2026-01-23
Description (Chinese)
Langflow是Langflow开源的一个用于构建多代理和 RAG 应用程序的可视化框架。 Langflow存在安全漏洞,该漏洞源于处理exec_globals参数时包含来自不受信任控制范围的资源,可能导致远程代码执行。
Description (English)
Langflow is a visual framework for building multi-agent and RAG applications from Langflow Open Source. There is a security loophole in Langflow, which stems from the fact that the processing of exec globals parameters contains resources from untrusted areas, which may lead to remote code implementation.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
Langflow
Published
2026-01-23
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-26-036/
Patch
https://github.com/langflow-ai/langflow/releases
Share on: