CVE-2026-12822

MEDIUM NVD

CVSS Score 5.3

Severity MEDIUM

Published Jun 22, 2026

Vendor unknown

Description

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://github.com/dxz0069/softwareoverflow/blob/main/langflow_bundle_url_custom_component_startup_rce_vulndb.md
https://vuldb.com/cve/CVE-2026-12822
https://vuldb.com/submit/837582
https://vuldb.com/vuln/372612
https://vuldb.com/vuln/372612/cti