EXECUTIVE SUMMARY:
Six vulnerabilities have been discovered in Langflow OSS. These flaws include remote code execution, insecure deserialization, authorization bypasses, and code injection vulnerabilities that expose the platform to severe compromise. The business risk is substantial, as attackers can gain complete system control, steal sensitive data, and access internal services with ease. In multi-tenant environments, this leads to billing fraud and potential exposure of all tenant secrets. Successful exploitation poses a massive threat to developers building AI applications, potentially causing severe financial losses and reputational damage for the organization.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
Six vulnerabilities have been discovered in Langflow OSS. These flaws include remote code execution, insecure deserialization, authorization bypasses, and code injection vulnerabilities that expose the platform to severe compromise. The business risk is substantial, as attackers can gain complete system control, steal sensitive data, and access internal services with ease. In multi-tenant environments, this leads to billing fraud and potential exposure of all tenant secrets. Successful exploitation poses a massive threat to developers building AI applications, potentially causing severe financial losses and reputational damage for the organization.[emaillocker id="1283"]
CVE-2026-10134 with a CVSS score of 10.0 – This vulnerability allows unauthenticated remote code execution by injecting malicious Python code through the PythonCodeStructured Tool in public flows.
CVE-2026-7803 with a CVSS score of 9.8 – Attackers can bypass flow validation by submitting nodes with empty component type fields, forcing the validator to skip blocking disabled custom components.
CVE-2026-7871 with a CVSS score of 9.8 – This flaw involves insecure deserialization in the Redis cache backend, allowing attackers to inject malicious payloads that execute when any worker reads the cache.
CVE-2026-7873 with a CVSS score of 9.9 – This vulnerability permits code injection in the code validation endpoint by exploiting Python’s default argument evaluation mechanism to execute arbitrary OS commands.
CVE-2026-10140 with a CVSS score of 9.6 – The voice mode subsystem improperly caches API keys, enabling cross-tenant API key reuse and billing fraud.
CVE-2026-7663 with a CVSS score of 9.1 – The Streamable MCP transport endpoint fails to enforce project ownership controls, allowing attackers to access protected resources without authentication.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/langflow-oss-vulnerabilities/