Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments where an attacker can access the Agentic Assistant feature and influence the model output, this can result in arbitrary server-side Python execution. Version 1.9.0 fixes the issue.
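An added example, not Langflow's code and not the 1.9.0 fix: a generic illustration of why "validating" generated code by executing and instantiating it is itself a code-execution path, next to a parse-only check built on Python's `ast` module. The sample model output, the function names and the import allowlist are constructed for this illustration.

```python
import ast
import os

# Constructed stand-in for model output: a component class plus a harmless
# module-level side effect that reveals whether "validation" ran the code.
GENERATED = '''
import os
os.environ["DEMO_VALIDATION_RAN"] = "1"

class DemoComponent:
    def build(self):
        return "ok"
'''

def validate_by_executing(source):
    """Pattern the description warns about: exec the code, then instantiate the class."""
    namespace = {}
    exec(compile(source, "<generated>", "exec"), namespace)  # dynamic execution sink
    classes = [v for v in namespace.values() if isinstance(v, type)]
    return bool(classes) and classes[0]() is not None

ALLOWED_IMPORTS = frozenset({"typing"})  # hypothetical allowlist for the demo
SINKS = frozenset({"exec", "eval", "compile", "__import__"})

def validate_statically(source):
    """Parse only: report structure and risky constructs, run nothing."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return False, [f"syntax error: {exc.msg}"]
    findings = []
    if not any(isinstance(n, ast.ClassDef) for n in tree.body):
        findings.append("no class definition")
    for n in tree.body:
        if not isinstance(n, (ast.Import, ast.ImportFrom, ast.ClassDef)):
            findings.append(f"module-level statement at line {n.lineno}")
    for n in ast.walk(tree):
        if isinstance(n, ast.Import):
            mods = [a.name for a in n.names]
        elif isinstance(n, ast.ImportFrom):
            mods = [n.module or "."]
        else:
            mods = []
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name) and n.func.id in SINKS:
                findings.append(f"dynamic execution call {n.func.id}() at line {n.lineno}")
        findings += [f"import not allowed: {m}" for m in mods if m.split(".")[0] not in ALLOWED_IMPORTS]
    return not findings, findings
```

A static pass like this does not make generated code safe to run later; it only keeps the validation step itself from being an execution step.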
Problem types
CWE-94: Improper Control of Generation of Code ('Code Injection')
Product status
References
github.com/...ngflow/security/advisories/GHSA-v8hw-mh8c-jxfc
github.com/...rc/backend/base/langflow/agentic/api/router.py
github.com/...c/backend/base/langflow/agentic/api/schemas.py
github.com/...se/langflow/agentic/helpers/code_extraction.py
github.com/...nd/base/langflow/agentic/helpers/validation.py
github.com/...langflow/agentic/services/assistant_service.py
github.com/...langflow/agentic/services/assistant_service.py
github.com/...langflow/agentic/services/assistant_service.py
github.com/...fc/src/backend/base/langflow/api/utils/core.py
github.com/...d1fc/src/backend/base/langflow/api/v1/login.py
github.com/...c/backend/base/langflow/services/auth/utils.py
github.com/...c/backend/base/langflow/services/auth/utils.py
github.com/...1c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py
github.com/...1c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py
github.com/...1c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py
github.com/...d1fc/src/lfx/src/lfx/services/settings/auth.py