CVE-2026-12822 | langflow-ai langflow up to 1.9.3 Bundle URL Loader code injection

Inserito da Angelo Barbosa | Giu 21, 2026 | CVE

A vulnerability, which was classified as critical, has been found in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection.

This vulnerability is documented as CVE-2026-12822. The attack needs to be performed locally. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12822 | langflow-ai langflow up to 1.9.3 Bundle URL Loader code injection

Post correlati

CVE-2023-51360 | WPDeveloper Essential Blocks for Gutenberg Plugin up to 4.2.0 on WordPress authorization

CVE-2025-52534 | AMD EPYC 9005 Processors Guest improper validation of specified quantity in input

CVE-2024-53705 | SonicWALL SonicOS SSH Management server-side request forgery (SNWLID-2025-0003)

CVE-2026-23537 | feast-dev feast /save-document path traversal