CVE-2026-48519
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk42th percentile — higher than 42% of all known CVEs
Summary
Langflow before version 1.9.2 contains a critical RCE vulnerability in the 'Shareable Playground' feature. Unauthenticated users can execute arbitrary Python code by sending a crafted request to the /api/v1/build_public_tmp endpoint with the field data.nodes[X].data.node.template.code.value.
Risk Assessment
An attacker can remotely execute arbitrary code on the server, leading to full compromise of the application and potentially the entire IT environment of the organization.
Recommendation
Immediately upgrade Langflow to version 1.9.2 or later. If upgrading is not possible, disable the 'Shareable Playground' feature and block access to the /api/v1/build_public_tmp endpoint.
Original NVD description (English source)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link. Specifically, it enables the route /api/v1/build_public_tmp to execute any public flow, given a public flow ID. When the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload. The vulnerable field is data.nodes[X].data.node.template.code.value. This vulnerability is fixed in 1.9.2.

