CVE-2026-12822

CVE-2026-12822CVE-2026-12822

Description

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 5.3 ()
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Last modified2026-06-22
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.