langflow-exploit
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides automated exploit chains for CVE-2026-33017 and credential-based vulnerabilities to achieve RCE on LangFlow servers. The attack vector involves injecting arbitrary Python code into LangFlow Custom Components.
- [COMMAND_EXECUTION]: The scripts generate payloads that use 'subprocess.Popen' to execute shell commands and establish bash reverse shells on target systems.
- [CREDENTIALS_UNSAFE]: Scripts 'langflowLogin.py' and 'langflowWeakRCE.py' contain hardcoded default passwords and a dictionary for brute-forcing credentials.
- [EXTERNAL_DOWNLOADS]: The HTML report generation logic in multiple scripts references an external JavaScript library (jQuery) from the third-party domain 'cdn.bootcdn.net'.
- [PROMPT_INJECTION]: The 'SKILL.md' file uses imperative language and directives to override agent behavior, instructing it to prioritize these exploit tools when LangFlow or related CVEs are mentioned.
Recommendations
- AI detected serious security threats