CVE-2026-7687
MEDIUM · 6.3› NVD details 2 CWE ·0 vendors · 4 refs expand
Description
A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Top posts driving the trend
- @cve.skyfleet.blueBluesky · 5/3/2026
CVE-2026-7687 - langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection CVE ID : CVE-2026-7687 Published : May 3, 2026, 9:16 a.m. | 1 hour, 3 minutes ago Description : A vulnerability was determined in langflow-ai langflow up...
♥ 0 · ↻ 0 · 💬 0 
@VulmonFeedsX · 5/3/2026CVE-2026-7687 Command Injection in Langflow AI Langflow Up to Version 1.... https://t.co/uH0ZfbpZw6 Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
♥ 0 · ↻ 0 · 💬 0
