Share
## https://sploitus.com/exploit?id=BE39882F-8178-5C55-9309-713FE5B7477C
# ๐ CVE-2026-0770 โ Langflow RCE (exec_global) PoC
Remote Code Execution vulnerability in Langflow
---
## ๐ Affected Software
This vulnerability affects:
**Langflow**
---
## ๐ง Vulnerability Overview
**CVE-2026-0770** is a Remote Code Execution (RCE) vulnerability in the:
```
/api/v1/validate/code
```
endpoint.
When `AUTO_LOGIN=true` and default credentials are enabled, attackers can:
* ๐ Bypass authentication
* ๐ป Execute arbitrary system commands
* โ ๏ธ Fully compromise the server
The issue stems from unsafe Python code evaluation during validation.
---
# โ๏ธ Installation
## 1๏ธโฃ Clone the Repository
```bash
git clone https://github.com/0xgh057r3c0n/CVE-2026-0770.git
cd CVE-2026-0770
```
---
## 2๏ธโฃ Install Requirements
Make sure Python 3.8+ is installed.
Install dependencies:
```bash
pip install requests colorama
```
---
## (Optional) Use Virtual Environment
```bash
python3 -m venv venv
source venv/bin/activate # Linux / macOS
venv\Scripts\activate # Windows
pip install requests colorama
```
---
# ๐ Usage Guide
---
## ๐ฅ Interactive Shell Mode
Launch interactive remote command execution:
```bash
python3 CVE-2026-0770.py -t http://target:7860
```
Example:
```bash
python3 CVE-2026-0770.py -t http://192.168.1.100:7860
```
---
## ๐งช Execute Single Command
```bash
python3 CVE-2026-0770.py -t http://target:7860 -c "id"
```
Example:
```bash
python3 CVE-2026-0770.py -t http://localhost:7860 -c "whoami"
```
---
## ๐งพ Verbose Mode
```bash
python3 CVE-2026-0770.py -t http://target:7860 -c "ls -la" -v
```
Shows detailed debugging output.
---
## ๐ Use Custom JWT Token
```bash
python3 CVE-2026-0770.py -t http://target:7860 -k "your.jwt.token"
```
---
# ๐ Authentication Behavior
If no token is provided, the script attempts auto-login using:
```
username: langflow
password: langflow
```
If successful, it retrieves an `access_token` and proceeds.
---
# ๐ฃ Exploitation Flow
1. Attempt authentication
2. Send malicious Python payload
3. Trigger execution during function definition
4. Raise exception containing command output
5. Parse output from server response
---
# ๐ก๏ธ Mitigation
Administrators should:
* Disable `AUTO_LOGIN`
* Change default credentials immediately
* Restrict access to `/api/v1/validate/code`
* Implement secure sandboxing
* Upgrade to a patched version (if available)
---
# ๐ Detection Indicators
Monitor for:
* Suspicious POST requests to `/api/v1/validate/code`
* Code containing:
* `__import__`
* `subprocess`
* `throw(Exception(`
* Repeated login attempts using default credentials
---
# ๐ Project Structure
```
.
โโโ CVE-2026-0770.py
โโโ LICENSE
โโโ README.md
```
---
# ๐ค Author
**0xgh057r3c0n**
๐ [https://github.com/0xgh057r3c0n](https://github.com/0xgh057r3c0n)
Security Researcher | Exploit Developer | PoC Writer
---
# ๐ License
Distributed under the MIT License.
See the full license here:
๐ [https://github.com/0xgh057r3c0n/CVE-2026-0770/blob/main/LICENSE](https://github.com/0xgh057r3c0n/CVE-2026-0770/blob/main/LICENSE)
---
# โ ๏ธ Legal Disclaimer
This project is intended for:
* Security research
* Educational purposes
* Authorized penetration testing
Unauthorized use against systems you do not own or have explicit permission to test is illegal.