VYPR
Vendor: Langflow AI
Products: 2
CVEs: 55 (56 across products)
Status: Private

Recent CVEs (55)
  • CVE-2026-33017 | Critical | KEV | Mar 20, 2026
    risk 0.77 | cvss 9.8 | epss 0.98

    Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the…

  • CVE-2025-34291 | High | KEV | Dec 5, 2025
    risk 0.65 | cvss 8.8 | epss 0.79

    Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as…

  • CVE-2026-7524 | Critical | May 27, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

  • CVE-2026-6543 | High | Apr 30, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks…

  • CVE-2026-33873 | Critical | Mar 27, 2026
    risk 0.57 | cvss 9.9 | epss 0.01

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component…

  • CVE-2026-42048 | Critical | May 12, 2026
    risk 0.55 | cvss 9.6 | epss 0.04

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly…

  • CVE-2026-55447 | Critical | Jun 19, 2026
    risk 0.52 | cvss not listed | epss 0.00

    Summary: All components based on `BaseFileComponent` are vulnerable to the following vulnerability: 1. Docling (`DoclingInlineComponent`) 2. Docling Serve (`DoclingRemoteComponent`) 3. Read File (`FileComponent`) 4. NVIDIA Retriever Extraction (`NvidiaIngestComponent`) 5.…

  • CVE-2026-55255 | Critical | Jun 19, 2026
    risk 0.52 | cvss not listed | epss 0.00

    Summary: Insecure Direct Object Reference (IDOR) vulnerability in the `/api/v1/responses` endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. Details: The vulnerability exists in the…

  • CVE-2026-55450 | Critical | Jun 17, 2026
    risk 0.52 | cvss not listed | epss 0.00

    Summary: Unauthenticated users can upload any amount of data to the server without any limitations. No prior knowledge is needed, only network access to Langflow. This can lead to space exhaustion on the server. In addition, in the response, the absolute path of the…

  • CVE-2026-48519 | Critical | Jun 16, 2026
    risk 0.52 | cvss not listed | epss 0.01

    Summary: The "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe. Details: Shareable Playground…

  • CVE-2026-3357 | High | Apr 8, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

  • CVE-2026-34046 | High | Mar 27, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was…

  • CVE-2026-4503 | High | Apr 30, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.

  • CVE-2026-7787 | High | Jun 11, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

  • CVE-2026-3345 | Medium | Apr 30, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2026-4502 | Medium | Apr 30, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

  • CVE-2026-3346 | Medium | Apr 30, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    IBM Langflow Desktop 1.6.0 through 1.8.4 Langflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure…

  • CVE-2026-3340 | Medium | Apr 30, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2026-5025 | Medium | Mar 27, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').

  • CVE-2026-7700 | Medium | May 3, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be…