Eval Injection in Langflow - CVE-2026-33873

Published: April 24, 2026

Vulnerability identifier: #VU127537
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-33873
CWE-ID: CWE-95
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Langflow
Affected software: Langflow

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code on the server.

The vulnerability exists due to improper neutralization of directives in dynamically evaluated code in the Agentic Assistant validation path when processing LLM-generated component code. A remote user who can steer the model into returning malicious component code can execute arbitrary code on the server.

The issue is reachable through the /assist and /assist/stream endpoints, and the streaming path reaches the sink only when the request is classified into the component-generation branch.
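As an added illustration (not Langflow's code or its fix), the vulnerable pattern described above sits beside a validator that inspects model-returned component code through its syntax tree without executing it; the component shape, the import allow-list and the sample model output are assumptions.

```python
# Hypothetical CWE-95 illustration (not Langflow's code): a validator that
# exec()s model-returned code runs every top-level statement; the hardened
# variant only parses the code and never executes it.
import ast
import os
from dataclasses import dataclass, field
ALLOWED_IMPORTS = {"typing", "dataclasses"}  # assumed allow-list for components

# Constructed model output: a component plus a smuggled top-level env-var write.
MODEL_OUTPUT = '''
import os
os.environ["LLM_CODE_RAN"] = "1"
class EchoComponent:
    display_name = "Echo"
    def build(self, text: str) -> str:
        return text
'''

@dataclass
class Report:
    ok: bool = False
    classes: list = field(default_factory=list)
    problems: list = field(default_factory=list)

def side_effect_ran() -> bool:
    return os.environ.get("LLM_CODE_RAN") == "1"

def validate_unsafe(code: str) -> Report:
    """Vulnerable pattern: 'validate' by executing the code."""
    ns: dict = {}
    exec(code, ns)  # arbitrary statements from the model run right here
    classes = [k for k, v in ns.items() if isinstance(v, type)]
    return Report(ok=bool(classes), classes=classes)

def validate_safe(code: str) -> Report:
    """Hardened: walk the syntax tree; model output is never executed."""
    try:
        tree = ast.parse(code)
    except SyntaxError as e:
        return Report(problems=[f"syntax error: {e.msg}"])
    rep = Report()
    for node in tree.body:
        if isinstance(node, ast.ClassDef):
            rep.classes.append(node.name)
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            mod = node.names[0].name if isinstance(node, ast.Import) else node.module
            if (mod or "").split(".")[0] not in ALLOWED_IMPORTS:
                rep.problems.append(f"disallowed import: {mod}")
        else:  # calls, assignments, etc. at module level are rejected
            rep.problems.append(f"top-level {type(node).__name__}, line {node.lineno}")
    rep.ok = bool(rep.classes) and not rep.problems  # must define a component
    return rep
```

The safe validator reports the smuggled import and assignment without running them; the unsafe one accepts the component and the side effect fires during "validation".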

How to mitigate CVE-2026-33873

Install the security update from the vendor's website.

Sources