CVE-2026-34046
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the _read_flow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTO_LOGIN setting to decide whether to filter by user_id. When AUTO_LOGIN was False (i.e., authentication was enabled), neither branch enforced an ownership check — the query returned any flow matching the given UUID regardless of who owned it. This allowed any authenticated user to read any other user's flow, including embedded plaintext API keys; modify the logic of another user's AI agents, and/or delete flows belonging to other users. The vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with user_id = NULL) under auto-login mode, but inadvertently left the authenticated path without an ownership filter. The fix in version 1.5.1 removes the AUTO_LOGIN conditional entirely and unconditionally scopes the query to the requesting user.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
langflowPyPI | < 1.5.1 | 1.5.1 |
langflow-basePyPI | < 0.5.1 | 0.5.1 |
Affected products
2- Range: < 1.5.1
- langflow-ai/langflow-basev5Range: < 0.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/langflow-ai/langflow/pull/8956nvdIssue TrackingPatchWEB
- github.com/langflow-ai/langflow/security/advisories/GHSA-8c4j-f57c-35cfnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-8c4j-f57c-35cfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-34046ghsaADVISORY
News mentions
0No linked articles in our index yet.