Langflow allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
{ "nvd_published_at": "2024-06-10T20:15:15Z", "cwe_ids": [ "CWE-913", "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-06-11T19:29:16Z" }