CVE-2026-48519 | Langflow is a tool for building and deploying AI-powered age… | CVSS 9.6 CRITICAL

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link. Specifically, it enables the route /api/v1/build_public_tmp to execute any public flow, given a public flow ID. When the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload. The vulnerable field is data.nodes[X].data.node.template.code.value. This vulnerability is fixed in 1.9.2.

Metadata

CVE ID: CVE-2026-48519
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-21 16:18 UTC
Published: 2026-06-23 16:25 UTC
Last updated: 2026-06-23 17:02 UTC
Primary CWE: CWE-94
CWE-94: Improper Control of Generation of Code ('Code Inject…
Vendor / Product: langflow-ai / langflow
Sources: cve.org · NVD

Severity & Metrics

9.6 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
langflow-ai	langflow	—	< 1.9.2

Weakness (CWE)

CWE	Source	Description
CWE-94	cna	CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.6	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References (1)

https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f