一个影响Langflow的关键安全漏洞在公开披露后20小时内就遭到主动利用，突显了威胁行为者将新发布漏洞武器化的速度。 该安全缺陷被追踪为CVE-2026-33017（CVSS评分：9.3），是一个缺失身份验证结合代码注入的案例，可能导致远程代码执行。 根据Langflow对该漏洞的 ...

这个Python解释器连接到模型的"工具"节点，除了将Pandas和Math库加入白名单外，我们没有改变解释器的标识符和描述以外的太多内容。 基于系统和用户提示中提供的信息，模型可以使用这个Python沙箱来执行代码片段并从数据集中提取见解。

A critical flaw found in the open source Langflow platform was added to the US Cybersecurity and Infrastructure Security Agency’s (CISA's) Known Exploited Vulnerabilities (KEV) catalog. Langflow is a ...

Attackers are actively targeting a critical flaw in a popular Python-based Web app for building AI agents and workflows to unleash a powerful botnet that can cause full system compromise, distributed ...

Researchers from security firm Trend Micro warn that a critical remote code execution vulnerability patched in April in the Langflow AI agent framework is being exploited to deploy botnet malware. The ...