Urgent Patch Needed: Langflow CSV Agent Vulnerability Allows Remote Code Execution

March 3, 2026
  • A patch is available in Langflow version 1.8.0, released with the official security advisory on GitHub; it likely disables or removes the dangerous code option.

  • Users should update promptly and verify remediation to guard against remote attacks that could create, delete, or alter files and install malware.

  • The flaw arises from a hardcoded allow_dangerous_code setting that enables the python_repl_ast tool in LangChain to execute Python code.

  • Attackers can exploit prompt injection through the dangerous code pathway to run system commands, potentially gaining full control of the server and compromising data and integrity.

  • Exploitation requires no special user privileges or interaction beyond access to the Langflow chat interface.

  • A critical vulnerability in Langflow’s CSV Agent (CVE-2026-27966) allows remote code execution with a severity score of 10.0, requiring immediate attention.
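
One way to verify remediation, as an added example that is not code from Langflow or the advisory: it compares a version string against the patched release 1.8.0 and scans Python source for calls that pass allow_dangerous_code as anything other than a literal False. The function names and the sample snippet are constructed for illustration.

```python
import ast
import re

FIXED_VERSION = (1, 8, 0)  # patched release named in the summary above

def parse_version(text):
    """Return the leading numeric release tuple, e.g. '1.7.3.dev1' -> (1, 7, 3)."""
    nums = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in nums.group().split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def is_patched(version_text):
    """True for 1.8.0 or later; pre-releases of 1.8.0 itself do not count."""
    release = parse_version(version_text)
    prerelease = re.search(r"(rc|dev|a|b)\d", version_text.lower()) is not None
    return release > FIXED_VERSION or (release == FIXED_VERSION and not prerelease)

def find_dangerous_flags(source, filename="<source>"):
    """List (line, callee) for calls where allow_dangerous_code is not a literal False."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg != "allow_dangerous_code":
                continue
            literal_false = isinstance(kw.value, ast.Constant) and kw.value.value is False
            if not literal_false:  # hardcoded True or a variable both need review
                findings.append((node.lineno, ast.unparse(node.func)))
    return sorted(findings)

# Constructed sample for the scan; this is not Langflow source code.
SAMPLE = '''\
agent = create_csv_agent(llm, path, allow_dangerous_code=True)
safe = create_csv_agent(llm, path, allow_dangerous_code=False)
other = build(llm, allow_dangerous_code=user_choice)
'''

if __name__ == "__main__":
    from importlib.metadata import PackageNotFoundError, version
    try:
        v = version("langflow")
        print("langflow", v, "patched" if is_patched(v) else "NOT patched: upgrade to 1.8.0")
    except PackageNotFoundError:
        print("langflow is not installed in this environment")
    for line, callee in find_dangerous_flags(SAMPLE):
        print(f"line {line}: {callee}() sets allow_dangerous_code")
```

Run as a script, it reports the installed Langflow version in the current environment; in practice `find_dangerous_flags` would be pointed at custom components and flows that build agents.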

Summary based on 1 source

