Share
## https://sploitus.com/exploit?id=BE39882F-8178-5C55-9309-713FE5B7477C
# ๐Ÿš€ CVE-2026-0770 โ€“ Langflow RCE (exec_global) PoC


  



  Remote Code Execution vulnerability in Langflow



  
  
  


---

## ๐Ÿ“Œ Affected Software

This vulnerability affects:

**Langflow**

---

## ๐Ÿง  Vulnerability Overview

**CVE-2026-0770** is a Remote Code Execution (RCE) vulnerability in the:

```
/api/v1/validate/code
```

endpoint.

When `AUTO_LOGIN=true` and default credentials are enabled, attackers can:

* ๐Ÿ”“ Bypass authentication
* ๐Ÿ’ป Execute arbitrary system commands
* โš ๏ธ Fully compromise the server

The issue stems from unsafe Python code evaluation during validation.

---

# โš™๏ธ Installation

## 1๏ธโƒฃ Clone the Repository

```bash
git clone https://github.com/0xgh057r3c0n/CVE-2026-0770.git
cd CVE-2026-0770
```

---

## 2๏ธโƒฃ Install Requirements

Make sure Python 3.8+ is installed.

Install dependencies:

```bash
pip install requests colorama
```

---

## (Optional) Use Virtual Environment

```bash
python3 -m venv venv
source venv/bin/activate      # Linux / macOS
venv\Scripts\activate         # Windows
pip install requests colorama
```

---

# ๐Ÿš€ Usage Guide

---

## ๐Ÿ”ฅ Interactive Shell Mode

Launch interactive remote command execution:

```bash
python3 CVE-2026-0770.py -t http://target:7860
```

Example:

```bash
python3 CVE-2026-0770.py -t http://192.168.1.100:7860
```

---

## ๐Ÿงช Execute Single Command

```bash
python3 CVE-2026-0770.py -t http://target:7860 -c "id"
```

Example:

```bash
python3 CVE-2026-0770.py -t http://localhost:7860 -c "whoami"
```

---

## ๐Ÿงพ Verbose Mode

```bash
python3 CVE-2026-0770.py -t http://target:7860 -c "ls -la" -v
```

Shows detailed debugging output.

---

## ๐Ÿ” Use Custom JWT Token

```bash
python3 CVE-2026-0770.py -t http://target:7860 -k "your.jwt.token"
```

---

# ๐Ÿ” Authentication Behavior

If no token is provided, the script attempts auto-login using:

```
username: langflow
password: langflow
```

If successful, it retrieves an `access_token` and proceeds.

---

# ๐Ÿ’ฃ Exploitation Flow

1. Attempt authentication
2. Send malicious Python payload
3. Trigger execution during function definition
4. Raise exception containing command output
5. Parse output from server response

---

# ๐Ÿ›ก๏ธ Mitigation

Administrators should:

* Disable `AUTO_LOGIN`
* Change default credentials immediately
* Restrict access to `/api/v1/validate/code`
* Implement secure sandboxing
* Upgrade to a patched version (if available)

---

# ๐Ÿ” Detection Indicators

Monitor for:

* Suspicious POST requests to `/api/v1/validate/code`
* Code containing:

  * `__import__`
  * `subprocess`
  * `throw(Exception(`
* Repeated login attempts using default credentials

---

# ๐Ÿ“‚ Project Structure

```
.
โ”œโ”€โ”€ CVE-2026-0770.py
โ”œโ”€โ”€ LICENSE
โ””โ”€โ”€ README.md
```

---

# ๐Ÿ‘ค Author

**0xgh057r3c0n**
๐Ÿ”— [https://github.com/0xgh057r3c0n](https://github.com/0xgh057r3c0n)

Security Researcher | Exploit Developer | PoC Writer

---

# ๐Ÿ“œ License

Distributed under the MIT License.
See the full license here:

๐Ÿ”— [https://github.com/0xgh057r3c0n/CVE-2026-0770/blob/main/LICENSE](https://github.com/0xgh057r3c0n/CVE-2026-0770/blob/main/LICENSE)

---

# โš ๏ธ Legal Disclaimer

This project is intended for:

* Security research
* Educational purposes
* Authorized penetration testing

Unauthorized use against systems you do not own or have explicit permission to test is illegal.