OS Command Injection in Langflow - CVE-2026-33475
Published: April 24, 2026
Vulnerability identifier: #VU127535
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-33475
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Langflow
Affected software:
Langflow
Langflow
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary shell commands.
The vulnerability exists due to improper neutralization of special elements used in an os command in GitHub Actions workflows and composite actions when interpolating user-controlled GitHub context variables into run steps. A remote attacker can supply a malicious branch name, pull request title, or workflow input to execute arbitrary shell commands.
This issue can be triggered during CI/CD execution in public forks with GitHub Actions enabled.
How to mitigate CVE-2026-33475
Install security update from vendor's website.