AI description
CVE-2026-7700 is a remote code execution (RCE) vulnerability found in Langflow-AI Langflow, affecting versions up to and including 1.8.4. This flaw is specifically a code injection vulnerability located within the `eval` function of the `LambdaFilterComponent`, which is part of the `src/lfx/src/lfx/components/llm_operations/lambda_filter.p` file. An authenticated remote attacker can exploit this vulnerability by manipulating input passed to the component, allowing them to inject and execute arbitrary code. A public exploit proof-of-concept for CVE-2026-7700 is available. The vendor was reportedly contacted about the disclosure but did not respond. The weakness is categorized under CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection).
- Description: A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
- Source: cna@vuldb.com
- NVD status: Deferred
CVSS 4.0
- Type: Secondary
- Base score: 2.1
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: LOW
CVSS 3.1
- Type: Primary
- Base score: 6.3
- Impact score: 3.4
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity: MEDIUM
CVSS 2.0
- Type: Secondary
- Base score: 6.5
- Impact score: 6.4
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
- cna@vuldb.com
- CWE-74
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 6
#Langflow Multi-CVE Exploit Kit **CVE-2026-7524 (Path Traversal) | CVE-2026-7700 (Lambda eval) | CVE-2026-7687 (CodeParser CMD Injection)** **Multi-Vector RCE Exploitation Framework** **Exploitation Chain:** 1. Create tar.gz with payload file + symlink poin
@YogSoth0
20 Jun 2026
2984 Impressions
13 Retweets
52 Likes
25 Bookmarks
2 Replies
0 Quotes
# Langflow Multi-CVE Exploit Kit **CVE-2026-7524 (Path Traversal) | CVE-2026-7700 (Lambda eval) | CVE-2026-7687 (CodeParse> **Military-Grade Multi-Vector RCE Exploitation Framework** #exploit #0days #CVE #CVSS #security #hacking https://t.co/hB4tr07PJW
@YogSoth0
15 Jun 2026
182 Impressions
0 Retweets
7 Likes
0 Bookmarks
1 Reply
0 Quotes
New 0days multi-exploit kit: Langflow Multi-CVE Reconnaissance Scanner Targets: CVE-2026-7524 (Path Traversal), CVE-2026-7700 (Lambda eval), CVE-2026-7687 (CodeParser) Military-grade async scanner with vulnerability fingerprinting and exploitability scoring. Soon on gibliz h
@YogSoth0
14 Jun 2026
220 Impressions
1 Retweet
4 Likes
1 Bookmark
1 Reply
0 Quotes