CVE-2026-48519
NVD status: Awaiting Analysis
Remote Code Execution in Langflow Prior to 1.9.2

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" feature (called "Public Flows" in the code) contains a critical remote code execution vulnerability. The Shareable Playground lets unauthenticated users execute a workflow by visiting a link: the route /api/v1/build_public_tmp executes any public flow, given the public flow's ID. When the route executes the flow, it accepts arbitrary custom Python code as the node code inside the JSON payload, in the field data.nodes[X].data.node.template.code.value, and runs it; execution is not restricted to the code stored in the published flow. This vulnerability is fixed in 1.9.2.
Meta Information
Generated: 2026-06-23
EPSS Evaluated: N/A
External references: NVD, EUVD
Affected Vendors & Products
Vendor: langflow-ai
Product: langflow
Version range: all versions prior to 1.9.2 (1.9.2 itself excluded, i.e. not affected)
CWE
CWE-94 (Improper Control of Generation of Code, 'Code Injection'): The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Here the externally influenced input is the node code in data.nodes[X].data.node.template.code.value, which the server executes as Python.
Compliance Impact

Unauthenticated remote code execution can lead to full compromise of the host running Langflow, affecting the confidentiality, integrity and availability of all data the service processes or can reach.

Where that data includes personal data or protected health information, a compromise can amount to a reportable breach under regulations such as GDPR and HIPAA, so the vulnerability is a direct risk to remaining compliant with them.

Executive Summary

CVE-2026-48519 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Langflow versions 1.9.1 and earlier.

The vulnerability exists in the "Shareable Playground" feature, which allows anyone with a public flow link to execute workflows without authentication.

Specifically, an attacker sends a POST to /api/v1/build_public_tmp/<flow-id>/flow with a JSON body in which data.nodes[X].data.node.template.code.value holds attacker-chosen Python code; the server executes that code rather than only the code stored in the published flow, giving remote code execution with the privileges of the Langflow process and a path to full system compromise.

The vulnerability is fixed in Langflow version 1.9.2 and later.

Impact Analysis

An attacker who can reach the endpoint needs no account or credentials: the public-flow route is meant for anonymous visitors, and the injected Python runs with the privileges of the Langflow server process. That gives the attacker everything the process can do, including reading any secrets and data it holds and pivoting to the host, so confidentiality, integrity and availability of the affected system are all at stake.

Detection Guidance

Exploitation is a POST to /api/v1/build_public_tmp/<flow-id>/flow whose JSON body carries Python in data.nodes[X].data.node.template.code.value. Note that this field is part of every Langflow flow payload (it is where a component's source lives), so its presence alone is not an indicator; the anomaly is a code.value that differs from the code of the stored public flow, or that contains imports such as os, subprocess or socket and calls such as eval or exec.

Where the traffic is plaintext HTTP, it can be captured on the wire. The filter below keeps only TCP segments with a non-empty payload (it subtracts the IP and TCP header lengths from the IP total length) and greps the decoded bytes for the endpoint. The port must match where Langflow actually listens (7860 by default) or the port of a plaintext reverse proxy in front of it; with TLS end to end, use the reverse proxy's access log instead.

  • tcpdump -A -s 0 -i any 'tcp port 7860 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep --line-buffered '/api/v1/build_public_tmp'
  • Use curl or similar tools to confirm whether the endpoint is reachable from untrusted networks, by sending crafted JSON payloads targeting data.nodes[X].data.node.template.code.value, only in a controlled test environment against an instance you own.
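
The check described above, as an added example (it is not Langflow's code and not part of the advisory): it takes one captured build request, walks data.nodes[X].data.node.template.code.value, compares each node's code with the code of the stored public flow and scans it for tokens typical of an RCE payload. The flow id, node id, baseline component code and both request bodies are constructed for the example; in practice the baseline comes from an export of the published flow.

```python
"""Flag Langflow public-flow build requests whose node code was tampered with.

Added example for this advisory page; it is not Langflow code. The flow id,
node id, baseline component code and request bodies below are constructed.
Legitimate Langflow build payloads also carry data.nodes[X].data.node.template
.code.value, so the check compares the submitted code with the code of the
stored public flow and additionally scans it for tokens typical of a payload.
"""
import json
import re
from typing import Iterator

# Hypothetical public flow and its route (assumption: one published flow).
PUBLIC_FLOW_ID = "11111111-2222-3333-4444-555555555555"
BUILD_PATH = f"/api/v1/build_public_tmp/{PUBLIC_FLOW_ID}/flow"

# Constructed baseline: node id -> component code as exported from the
# published flow. In practice, export the flow once and keep this mapping.
BASELINE_CODE = {
    "TextInput-1": (
        "class TextInput:\n"
        "    def build(self, value: str) -> str:\n"
        "        return value\n"
    ),
}

# Tokens that have no business in a published component but are typical of
# an RCE payload. A heuristic, not a parser: tune it for your own components.
SUSPICIOUS = re.compile(
    r"\bimport\s+(?:os|subprocess|socket|pty|ctypes)\b"
    r"|__import__"
    r"|\beval\s*\("
    r"|\bexec\s*\("
    r"|os\.system"
    r"|popen"
)


def iter_node_code(payload: dict) -> Iterator[tuple[str, str]]:
    """Yield (node id, code) for each data.nodes[X].data.node.template.code.value."""
    for node in payload.get("data", {}).get("nodes", []):
        code = (
            node.get("data", {})
            .get("node", {})
            .get("template", {})
            .get("code", {})
            .get("value")
        )
        if isinstance(code, str):
            yield str(node.get("id", "?")), code


def analyse_build_request(method: str, path: str, body: str) -> list[str]:
    """Return findings for one HTTP request; an empty list means nothing odd."""
    if method != "POST" or not path.startswith("/api/v1/build_public_tmp/"):
        return []
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    findings: list[str] = []
    for node_id, code in iter_node_code(payload):
        expected = BASELINE_CODE.get(node_id)
        if expected is None:
            findings.append(f"{node_id}: node is not part of the stored public flow")
        elif code != expected:
            findings.append(f"{node_id}: code.value differs from the stored public flow")
        match = SUSPICIOUS.search(code)
        if match:
            findings.append(f"{node_id}: suspicious token {match.group(0)!r}")
    return findings


def build_body(code: str) -> str:
    """Constructed request body in the shape named by the advisory."""
    node = {"id": "TextInput-1", "data": {"node": {"template": {"code": {"value": code}}}}}
    return json.dumps({"data": {"nodes": [node]}})


# Constructed sample requests: the genuine flow, and a tampered copy of it.
BENIGN_BODY = build_body(BASELINE_CODE["TextInput-1"])
MALICIOUS_BODY = build_body(
    "import os\n"
    "class TextInput:\n"
    "    def build(self, value: str) -> str:\n"
    "        os.system('id > /tmp/pwned')\n"
    "        return value\n"
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("tampered", MALICIOUS_BODY)):
        print(label, analyse_build_request("POST", BUILD_PATH, body))
```

The baseline comparison is the reliable part: a public flow is fixed at publication time, so any difference in code.value from an anonymous caller is an attempt to run code the publisher did not write. The token scan is a fallback for instances where no baseline was kept and will miss obfuscated payloads.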
Mitigation Strategies

The definitive fix is to upgrade Langflow to version 1.9.2 or later, where this remote code execution vulnerability is fixed.

Until the upgrade can be performed, block or restrict the path prefix /api/v1/build_public_tmp at the reverse proxy or firewall in front of Langflow so that only trusted users or networks can reach it. Note that this defeats the purpose of the Shareable Playground, which exists to let anonymous visitors run a flow, so the feature is effectively unavailable until the upgrade.

Additionally, make published flows private again where possible (the route only executes flows marked public), and monitor logs and network traffic for requests to this endpoint.
