Langflow
by Langflow AI
Source repositories
CVEs (48)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5022 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2026 | The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name. | ||
| CVE-2026-6600 | Low | 0.16 | 3.5 | 0.00 | Apr 20, 2026 | A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can… | ||
| CVE-2025-3248 | 0.16 | — | 1.00 | KEV | Apr 7, 2025 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | ||
| CVE-2026-0770 | 0.04 | — | 0.10 | Jan 23, 2026 | Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this… | |||
| CVE-2024-48061 | 0.01 | — | 0.01 | Nov 4, 2024 | langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. | |||
| CVE-2024-42835 | 0.01 | — | 0.01 | Oct 31, 2024 | langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. | |||
| CVE-2026-12822 | 0.00 | — | 0.00 | Jun 21, 2026 | A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but… | |||
| CVE-2026-55423 | 0.00 | — | 0.00 | Jun 19, 2026 | ### Summary The logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. ### Details Not in auto login mode. Hosted on localhost. `access_token_lf` remains present in both Local Storage and Cookies. `refresh_token_lf`… | |||
| CVE-2026-48520 | 0.00 | — | 0.00 | Jun 16, 2026 | ### Summary The "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of the flow is allowed. The execution request can contain a list… | |||
| CVE-2026-42867 | 0.00 | — | 0.00 | Jun 16, 2026 | ## Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API (`POST /api/v1/knowledge_bases`). This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated… | |||
| CVE-2026-5027 | 0.00 | — | 0.02 | Mar 27, 2026 | The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../'). | |||
| CVE-2026-33497 | 0.00 | — | 0.08 | Mar 24, 2026 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which… | |||
| CVE-2026-33484 | 0.00 | — | 0.06 | Mar 24, 2026 | Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known… | |||
| CVE-2026-33475 | 0.00 | — | 0.03 | Mar 24, 2026 | Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context… | |||
| CVE-2026-33309 | 0.00 | — | 0.01 | Mar 24, 2026 | Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved.… | |||
| CVE-2026-33053 | 0.00 | — | 0.00 | Mar 20, 2026 | Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency).… | |||
| CVE-2026-27966 | 0.00 | — | 0.34 | Feb 26, 2026 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker… | |||
| CVE-2026-0772 | 0.00 | — | 0.01 | Jan 23, 2026 | Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw… | |||
| CVE-2026-0771 | 0.00 | — | 0.01 | Jan 23, 2026 | Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The… | |||
| CVE-2026-0769 | 0.00 | — | 0.34 | Jan 23, 2026 | Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw… |
- risk 0.34cvss 5.3epss 0.00
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.
- risk 0.16cvss 3.5epss 0.00
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can…
- risk 0.16cvss —epss 1.00
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- CVE-2026-0770Jan 23, 2026risk 0.04cvss —epss 0.10
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this…
- CVE-2024-48061Nov 4, 2024risk 0.01cvss —epss 0.01
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.
- CVE-2024-42835Oct 31, 2024risk 0.01cvss —epss 0.01
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
- CVE-2026-12822Jun 21, 2026risk 0.00cvss —epss 0.00
A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but…
- CVE-2026-55423Jun 19, 2026risk 0.00cvss —epss 0.00
### Summary The logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. ### Details Not in auto login mode. Hosted on localhost. `access_token_lf` remains present in both Local Storage and Cookies. `refresh_token_lf`…
- CVE-2026-48520Jun 16, 2026risk 0.00cvss —epss 0.00
### Summary The "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of the flow is allowed. The execution request can contain a list…
- CVE-2026-42867Jun 16, 2026risk 0.00cvss —epss 0.00
## Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API (`POST /api/v1/knowledge_bases`). This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated…
- CVE-2026-5027Mar 27, 2026risk 0.00cvss —epss 0.02
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').
- CVE-2026-33497Mar 24, 2026risk 0.00cvss —epss 0.08
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which…
- CVE-2026-33484Mar 24, 2026risk 0.00cvss —epss 0.06
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known…
- CVE-2026-33475Mar 24, 2026risk 0.00cvss —epss 0.03
Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context…
- CVE-2026-33309Mar 24, 2026risk 0.00cvss —epss 0.01
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved.…
- CVE-2026-33053Mar 20, 2026risk 0.00cvss —epss 0.00
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency).…
- CVE-2026-27966Feb 26, 2026risk 0.00cvss —epss 0.34
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker…
- CVE-2026-0772Jan 23, 2026risk 0.00cvss —epss 0.01
Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw…
- CVE-2026-0771Jan 23, 2026risk 0.00cvss —epss 0.01
Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The…
- CVE-2026-0769Jan 23, 2026risk 0.00cvss —epss 0.34
Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw…
Page 2 of 3