{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T03:08:10.491","vulnerabilities":[{"cve":{"id":"CVE-2026-0771","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-01-23T04:16:04.200","lastModified":"2026-06-17T10:11:21.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product.\n\nThe specific flaw exists within the handling of Python function components. Depending upon product configuration, an attacker may be able to introduce custom Python code into a workflow. An attacker can leverage this vulnerability to execute code in the context of the application. Was ZDI-CAN-27497."},{"lang":"es","value":"Vulnerabilidad de Inyección de Código PythonFunction de Langflow con Ejecución Remota de Código. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de Langflow. Los vectores de ataque y la explotabilidad variarán dependiendo de la configuración del producto.\n\nLa falla específica existe dentro del manejo de los componentes de función Python. Dependiendo de la configuración del producto, un atacante podría ser capaz de introducir código Python personalizado en un flujo de trabajo. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de la aplicación. Fue ZDI-CAN-27497."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Langflow","product":"Langflow","defaultStatus":"unknown","versions":[{"version":"1.4.2","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-24T04:55:33.963690Z","id":"CVE-2026-0771","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:1.4.2:-:*:*:*:*:*:*","matchCriteriaId":"81AAA7F9-843A-456C-89A1-B99D18AD4328"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-037/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}