A vulnerability was found in langflow-ai langflow up to 1.8.4. It has been rated critical. The issue affects the function CodeParser.parse_callable_details in the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Manipulation can lead to command injection.
This vulnerability is tracked as CVE-2026-7687. The attack can be executed remotely, and an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.