AgentsCVE-2026-27966 Langflow CSV Agent RCE CVSS 9.8TheHackerWire·high signalLangflow CSV Agent hardcodes allow_dangerous_code=True exposing python_repl_ast. CVSS 9.8 critical. Patched v1.8.0. Same eval epidemic vulnerability class.SourceSource pageTheHackerWire↳ Follow the threadPolicy dependency / Stack layerCynative Ships an Open-Source Deep-Research Security Agent With Default-Deny Write PermissionsIT Security NewsStack layer / Threat patternWire Analysis: xAI's Grok Build CLI Silently Uploaded Entire Repos to a Google Cloud Bucketcereblab wire analysis / Hacker News (corroborated by The Hacker News, Glitchwire)Stack layer / Threat patternMCPZoo Study: Scanners Call 96.89% of MCP Servers 'Risky' — But Under Half of Those Alerts Are RealarXivStack layer / Threat patternMako: A 'Self-Evolving Agentic OS' That Writes New Exploits Against Live Targets and Hot-Loads Them Into ItselfarXivStack layer / Threat patternGitLost: prompt injection in GitHub Agentic Workflows leaks private repos with zero credentials (CVE-2026-44246)explainX (reporting Noma Security research)Stack layer / Threat patternPattern: Repo-Local Config Auto-Load Is the New RCE Class — 'Workspace Trust' Standards Are FormingLatest Hacking NewsStack layer / Threat patternGitHub Ships /security-review in the Copilot Desktop App — Pre-Commit LLM Scanning for All Tiers, Including FreeGitHub ChangelogStack layer / Threat patternPromote pre-production evals into runtime guardrails so nothing ships without passingDigital Applied