VYPR

PyPI package

langflow-base

pkg:pypi/langflow-base

Vulnerabilities (5)

  • CVE-2026-6596HigApr 20, 2026
    affected < 0.9.1fixed 0.9.1

    A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to

  • CVE-2026-34046HigMar 27, 2026
    affected < 0.5.1fixed 0.5.1

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `Fals

  • CVE-2026-21445Jan 2, 2026
    affected < 0.7.1fixed 0.7.1

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, tran

  • CVE-2025-57760Aug 25, 2025
    affected < 0.5.1fixed 0.5.1

    Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user

  • CVE-2025-3248KEVApr 7, 2025
    affected < 0.3.0fixed 0.3.0

    Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.