A critical flaw in Langflow’s CSV Agent node exposes servers to remote code execution (RCE) via prompt injection. Security researcher Empreiteiro disclosed GHSA-3645-fxcv-hqr4 on February 25, 2026, affecting the open-source Langflow package on PyPI. This vulnerability lets attackers run arbitrary Python and OS commands, granting full server control. Langflow builds AI workflows with large language […] The post Langflow AI CSV Agent Flaw Enables Remote Code Execution Attacks appeared first on Cyber Security News.