CVE-2026-0770

Jan. 23, 2026, 4:16 a.m.

9.8
Critical

Description

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.

Product(s) Impacted

Vendor Product Versions
Langflow
  • Langflow
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a langflow langflow / / / / / / / /

References

https://www.zerodayinitiative.com/advisories/ZDI-26-036/

Tags

[email protected]
CWE-829
2026-01-23
CVE-2026-0770

CVSS Score

9.8 / 10

CVSS Data - 3.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Jan. 23, 2026, 4:16 a.m.
Last Modified: Jan. 23, 2026, 4:16 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

Linked Attack Reports

How attackers are jailbreaking LLMs with CTF framing and how to catch them

Threat actors are bypassing AI model safety guardrails by framing exploit requests as legitimate security research, such as capture-the-flag challenges or CVE-hunting exercises. This technique manipulates upstream LLMs into generating working exploit code that attackers deploy against real targets.…
credential harvesting
CVE-2026-33017
CVE-2026-39987
ai agent exploitation
CVE-2026-40281
CVE-2026-42208
CVE-2026-42271
CVE-2026-44336
CVE-2026-44694
CVE-2026-42266
CVE-2026-42589
CVE-2026-45331
CVE-2026-45397
CVE-2026-45672
CVE-2026-45301
2026-06-15
ai platform targeting
ctf framing
cve exploitation
CVE-2026-42302
CVE-2026-47391
llm jailbreaking
prompt injection
rce campaigns
Published: June 15, 2026
Linked vulnerabilities : CVE-2026-0770 (CVSS 9.8), CVE-2026-33017 (CVSS 9.3), CVE-2026-39987 (CVSS 9.3), CVE-2026-40281 (CVSS 10.0), CVE-2026-42208 (CVSS 9.3), CVE-2026-42271 (CVSS 8.7), CVE-2026-44336 (CVSS 9.4), CVE-2026-44694 (CVSS 7.2), CVE-2026-42589 (CVSS 9.8), CVE-2026-45331 (CVSS 8.5), CVE-2026-45672 (CVSS 8.8), CVE-2026-45301 (CVSS 8.1), CVE-2026-47391
Downloadable IOCs: 6

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.