CVE-2026-48519
Langflow · Langflow
Langflow contains a critical remote code execution (RCE) vulnerability in its "Shareable Playground" feature, allowing unauthenticated users to execute arbitrary Python code.
Executive summary
A critical remote code execution vulnerability in Langflow allows unauthenticated attackers to execute arbitrary Python code via the Shareable Playground feature.
Vulnerability
The vulnerability resides in the /api/v1/build_public_tmp endpoint, which accepts a flow definition from unauthenticated callers and executes the Python code carried in the node template fields of that JSON without sanitizing it. An attacker who controls the payload can therefore inject and run arbitrary Python in the context of the Langflow server process, leading to full compromise of the host.
Business impact
This vulnerability carries a CVSS score of 9.6, reflecting that an unauthenticated network attacker can achieve server-side code execution. A successful exploit grants the attacker control of the host environment at the privilege level of the Langflow service, risking exposure of sensitive data (including any API keys and credentials the flows hold), lateral movement within the network, and total disruption of the service.
Remediation
Immediate Action: Update Langflow to version 1.9.2 or later, the release that closes the insecure code execution path, on every instance.
Proactive Monitoring: Inspect server and reverse-proxy logs for unexpected inbound requests to the /api/v1/build_public_tmp route, and monitor for anomalous child processes (for example a shell or network utility) spawned by the Langflow service process.
Compensating Controls: Disable the "Shareable Playground" or "Public Flows" feature if it is not business-critical until the update can be applied, and restrict network access to the Langflow instance in the meantime.
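The following triage script is an added example written for this advisory, not code from the Langflow project. It covers the version check and the monitoring guidance above: it decides whether an installed version is at or past 1.9.2, scans access-log lines for requests to /api/v1/build_public_tmp from sources outside an allow list, and walks a flow JSON payload looking for strings that resemble Python reaching for the operating system. The log lines and the payload are constructed for illustration; the combined log format and the nested node/template/code layout of the payload are assumptions, so the payload walker inspects every string field rather than relying on that layout.

```python
"""Triage helpers for CVE-2026-48519. Added example; not Langflow project code."""
import re
from collections import Counter

FIXED_VERSION = (1, 9, 2)
VULN_ROUTE = "/api/v1/build_public_tmp"

# Assumption: logs are in the Apache/nginx combined format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Tokens that component code in a flow has no business containing.
SUSPICIOUS = re.compile(
    r"\bimport\s+(os|subprocess|socket|ctypes)\b|__import__\s*\(|"
    r"\b(eval|exec|compile)\s*\(|os\.(system|popen)|subprocess\."
)

# Constructed sample log: 203.0.113.7 is an outside address, 10.0.0.5 an internal user.
SAMPLE_LOG = """\
203.0.113.7 - - [14/May/2026:10:02:11 +0000] "POST /api/v1/build_public_tmp HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.5 - - [14/May/2026:10:02:15 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [14/May/2026:10:02:19 +0000] "POST /api/v1/build_public_tmp?x=1 HTTP/1.1" 200 640 "-" "python-requests/2.31"
10.0.0.5 - - [14/May/2026:10:03:01 +0000] "POST /api/v1/build_public_tmp HTTP/1.1" 200 700 "-" "Mozilla/5.0"
garbage line that does not parse
"""

# Constructed sample payload; the nesting is modelled on an exported flow and is an assumption.
SAMPLE_PAYLOAD = {
    "data": {"nodes": [
        {"id": "PromptNode-1", "data": {"node": {"template": {"code": {
            "value": "from langflow.custom import Component\nclass P(Component):\n    pass"}}}}},
        {"id": "Custom-2", "data": {"node": {"template": {"code": {
            "value": "import subprocess\nsubprocess.run(['id'])"}}}}},
    ]}
}


def parse_version(v):
    """'v1.9.2' -> ((1, 9, 2), False); '1.9.2rc1' -> ((1, 9, 2), True)."""
    nums, prerelease = [], False
    for part in v.strip().lstrip("vV").split("."):
        m = re.match(r"(\d+)(.*)", part)
        if not m:
            raise ValueError(f"unparseable version component: {part!r}")
        nums.append(int(m.group(1)))
        if m.group(2):          # rc/a/b/dev suffix: precedes the final release
            prerelease = True
    return tuple(nums), prerelease


def is_patched(version):
    """True when the installed version is 1.9.2 or later (a 1.9.2 pre-release is not)."""
    nums, prerelease = parse_version(version)
    nums = (nums + (0, 0, 0))[:3]
    if nums == FIXED_VERSION and prerelease:
        return False
    return nums >= FIXED_VERSION


def scan_access_log(lines, allowed_ips=frozenset()):
    """Return (hits, per_ip): requests to VULN_ROUTE from addresses not on the allow list."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                        # not an access-log line; skip
        path = m.group("path").split("?", 1)[0]
        if path != VULN_ROUTE or m.group("ip") in allowed_ips:
            continue
        hits.append({"ip": m.group("ip"), "time": m.group("time"),
                     "method": m.group("method"), "status": int(m.group("status"))})
        per_ip[m.group("ip")] += 1
    return hits, per_ip


def suspicious_strings(obj, path="$"):
    """Walk decoded JSON and return (json_path, matched_token) for every string value
    that looks like Python touching the OS. No schema is assumed."""
    found = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            found.extend(suspicious_strings(v, f"{path}.{k}"))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            found.extend(suspicious_strings(v, f"{path}[{i}]"))
    elif isinstance(obj, str):
        m = SUSPICIOUS.search(obj)
        if m:
            found.append((path, m.group(0)))
    return found


if __name__ == "__main__":
    print("patched:", is_patched("1.9.1"))
    hits, per_ip = scan_access_log(SAMPLE_LOG.splitlines(), allowed_ips={"10.0.0.5"})
    print("route hits outside allow list:", len(hits), dict(per_ip))
    print("suspicious payload fields:", suspicious_strings(SAMPLE_PAYLOAD))
```

The allow list is the operator's own set of sources that legitimately build public flows; with it empty, every request to the route is reported, which is the right default on an instance that never intended to expose the Shareable Playground. The payload walker is meant for request bodies captured at the proxy or WAF, and its token list is a starting point, not a complete signature.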
Exploitation status
Public Exploit Available: No
Analyst recommendation
The severity of this unauthenticated RCE necessitates immediate patching. Organizations running Langflow should treat this as a high-priority incident: apply the update to every instance reachable from a network, check logs for prior requests to the affected endpoint, and rotate any credentials held on an instance that shows signs of exploitation.