{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T22:10:51.270","vulnerabilities":[{"cve":{"id":"CVE-2026-0770","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-01-23T04:16:04.063","lastModified":"2026-02-18T16:43:44.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325."},{"lang":"es","value":"Langflow exec_globals Inclusión de Funcionalidad desde Esfera de Control No Confiable Vulnerabilidad de Ejecución Remota de Código. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de Langflow. La autenticación no es requerida para explotar esta vulnerabilidad.\n\nLa falla específica existe dentro del manejo del parámetro exec_globals proporcionado al endpoint validate. El problema resulta de la inclusión de un recurso desde una esfera de control no confiable. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Fue ZDI-CAN-27325."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Primary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"81AAA7F9-843A-456C-89A1-B99D18AD4328"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-036/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}