CVE-2026-7687 | langflow-ai langflow up to 1.8.4 Full Builtins code_parser.py CodeParser.parse_callable_details command injection

A vulnerability was found in langflow-ai langflow up to 1.8.4. It has been declared as critical. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injection.

This vulnerability is handled as CVE-2026-7687. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More