CVE-2026-33017 | langflow-ai Langflow up to 1.8.1 Public Flow Build Endpoint eval injection

Inserito da Angelo Barbosa | Mar 18, 2026 | CVE

A vulnerability, which was classified as critical, was found in langflow-ai Langflow up to 1.8.1. This impacts an unknown function of the component Public Flow Build Endpoint. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code.

The identification of this vulnerability is CVE-2026-33017. The attack may be launched remotely. There is no exploit available.

CVE-2026-33017 | langflow-ai Langflow up to 1.8.1 Public Flow Build Endpoint eval injection

Post correlati

CVE-2024-33626 | LevelOne WBR-6012 R0.40e6 information disclosure (TALOS-2024-1986)

CVE-2024-10506 | code-projects Blood Bank System 1.0 B-.php Bloodname sql injection

CVE-2023-50886 | wpWax Legal Pages Plugin up to 1.3.7 on WordPress cross-site request forgery

CVE-2025-4223 | Page Builder Plugin up to 2.0.0 on WordPress login_url cross site scripting