


Perceptive Security
SOC/SIEM Consultancy

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub…
Published:
23 March 2026 at 23:00:00
Alert date:
24 March 2026 at 19:05:20
Source:
nvd.nist.gov
Supply Chain & Dependencies, Web Technologies
CVE-2026-33475 is an unauthenticated remote shell injection vulnerability in Langflow's GitHub Actions workflows prior to version 1.9.0. The vulnerability exists because GitHub context values are interpolated unsanitized into run steps: the runner expands the expression into the shell script text before the shell executes it, so attacker-controlled values such as branch names or pull request titles are interpreted as shell commands. This can lead to secret exfiltration (GITHUB_TOKEN), infrastructure manipulation, or supply chain compromise during CI/CD execution. The vulnerability affects multiple workflow files and can be exploited by forking the repository and creating malicious branch names. Version 1.9.0 patches the vulnerability by passing the values through environment variables and quoting them properly.
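The following is an added illustration written for this alert; it is not Langflow's workflow code and not code from the advisory. It embeds two constructed workflow fragments, one with the unsafe interpolation pattern the advisory describes and one rewritten the way the fix does it (values passed through env and quoted in the script), and a small scanner that flags ${{ ... }} expressions referencing contributor-controlled contexts inside run steps. The list of "untrusted" contexts and the job and step names are assumptions of the example, not taken from the advisory.

```python
import re
from dataclasses import dataclass

# Contexts an outside contributor can set via a fork or a PR (assumed list for
# this example; extend it to match your own threat model).
UNTRUSTED = re.compile(
    r"github\.(head_ref|event\.("
    r"pull_request\.(title|body|head\.(ref|label))|"
    r"issue\.(title|body)|comment\.body|review\.body|review_comment\.body|"
    r"head_commit\.(message|author\.(name|email))))"
)
EXPR = re.compile(r"\$\{\{(.*?)\}\}")

# Constructed workflow: the vulnerable pattern. Both steps expand the expression
# into the script text before bash runs; the inner double quotes in the second
# step do not help because the value is inserted before the shell parses anything.
VULNERABLE_WORKFLOW = """\
name: ci-example
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Announce (unsafe)
        run: echo "Building ${{ github.head_ref }}"
      - name: Label (unsafe)
        run: |
          title="${{ github.event.pull_request.title }}"
          echo "PR: $title"
"""

# Constructed workflow: the hardened pattern. The values reach the script only as
# environment variables, so bash treats them as data; quoting prevents word
# splitting. A read-only token limits what a compromised step could do.
HARDENED_WORKFLOW = """\
name: ci-example
on: [pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Announce (safe)
        env:
          HEAD_REF: ${{ github.head_ref }}
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Building $HEAD_REF"
          echo "PR: $PR_TITLE"
"""


@dataclass
class Finding:
    line: int        # 1-based line in the workflow text
    expression: str  # the context expression found inside a run step


def _check(lineno: int, text: str) -> list[Finding]:
    """Report every ${{ }} expression on this line that names an untrusted context."""
    return [Finding(lineno, m.group(1).strip())
            for m in EXPR.finditer(text) if UNTRUSTED.search(m.group(1))]


def scan_workflow(text: str) -> list[Finding]:
    """Line-based scan of a workflow: only `run:` values (inline or block scalar)
    are examined; `env:` assignments are the safe place for these expressions."""
    findings: list[Finding] = []
    in_block, block_indent = False, 0
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_block:
            if stripped and indent <= block_indent:
                in_block = False          # block scalar ended; fall through
            else:
                findings += _check(lineno, line)
                continue
        m = re.match(r"(?:-\s+)?run:\s*(.*?)\s*$", stripped)
        if m:
            value = m.group(1)
            if value in ("|", ">", "|-", ">-", "|+", ">+"):
                in_block, block_indent = True, indent
            else:
                findings += _check(lineno, value)
    return findings


if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        for f in scan_workflow(wf):
            print(f"{name}: line {f.line}: untrusted expression in run step: {f.expression}")
```

Run against a checkout, the scanner reports the line and expression so the fix can be applied step by step: move each flagged expression into the step's env map and reference it as a quoted shell variable. Linters such as actionlint perform the same check with a fuller YAML parser.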
Technical details
Mitigation steps:
Affected products:
Langflow
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33475
https://github.com/langflow-ai/langflow/security/advisories/GHSA-87cc-65ph-2j4w
https://attacker.site/exfil
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
