langflow
PyPI31 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting langflowpage 1 of 1
- CVE-2024-37014CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.0.0a32024-06-10
vulnerable: 0.0.31 ... 1.0.0a2 (165 versions)
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
- CVE-2024-42835CRITICALCVSS 9.8EG 9.82024-10-31
vulnerable: 0.0.31 ... 1.0.9 (237 versions)
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
- CVE-2024-48061CRITICALCVSS 9.8EG 9.82024-11-04
vulnerable: 0.0.31 ... 1.0.9 (243 versions)
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.
- CVE-2024-9277LOWCVSS 3.5EG 3.52024-09-27
vulnerable: 0.0.31 ... 1.0.9 (243 versions)
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. …
- CVE-2025-3248CRITICALCVSS 9.8EG 9.8⚠ KEV✓ Fixed in 1.3.02025-04-07
vulnerable: 0.0.31 ... 1.2.0 (253 versions)
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- CVE-2025-34291HIGHCVSS 8.8EG 9.0⚠ KEV✓ Fixed in 1.7.02025-12-05
vulnerable: 0.0.31 ... 1.6.9 (276 versions)
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a re…
- CVE-2025-57760HIGHCVSS 8.8EG 8.8✓ Fixed in 1.5.12025-08-25
vulnerable: 0.0.31 ... 1.5.0.post2 (265 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow supe…
- CVE-2025-68477HIGHCVSS 7.7EG 7.7✓ Fixed in 1.7.12025-12-19
vulnerable: 0.0.31 ... 1.7.0 (277 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied UR…
- CVE-2025-68478HIGHCVSS 7.1EG 7.1✓ Fixed in 1.7.02025-12-19
vulnerable: 0.0.31 ... 1.6.9 (276 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrite…
- CVE-2026-0770CRITICALCVSS 9.8EG 9.82026-01-23
vulnerable: 0.0.31 ... 1.7.3 (280 versions)
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication …
- CVE-2026-21445CRITICALCVSS 9.1EG 9.1✓ Fixed in 1.7.12026-01-02
vulnerable: 0.0.31 ... 1.7.0 (277 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to acce…
- CVE-2026-33017CRITICALCVSS 9.8EG 9.8⚠ KEV✓ Fixed in 1.9.02026-03-20
vulnerable: 0.0.31 ... 1.8.4 (293 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the op…
- CVE-2026-33053HIGHCVSS 0.0EG 6.1✓ Fixed in 1.9.02026-03-18
vulnerable: 0.0.31 ... 1.8.4 (293 versions)
Langflow is Missing Ownership Verification in API Key Deletion (IDOR) **Detection Method:** Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | src/backend/base/langflow/api/v1/api_key.py:44-53 | | Practical Exploitabi…
- CVE-2026-33309CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.9.02026-03-19
vulnerable: 1.2.0 ... 1.8.4 (41 versions)
Langflow has an Arbitrary File Write (RCE) via v2 API ### Summary While reviewing the recent patch for **CVE-2025-68478** (External Control of File Name in v1.7.1), I discovered that the root architectural issue within `LocalStorageServi…
- CVE-2026-33484HIGHCVSS 7.5EG 7.5✓ Fixed in 1.9.02026-03-20
vulnerable: 1.0.0 ... 1.8.4 (69 versions)
langflow has Unauthenticated IDOR on Image Downloads ### Summary The `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id …
- CVE-2026-33497HIGHCVSS 0.0EG 8.7✓ Fixed in 1.7.12026-03-20
vulnerable: 0.0.31 ... 1.7.0 (277 versions)
langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading ## Vulnerability ### Path Traversal in `GET /api/v1/files/profile_pictures/{folder_name}/{file_name}` The `download_profile_picture` function in `src/backend/ba…
- CVE-2026-33760HIGHCVSS 8.8EG 8.8✓ Fixed in 1.9.02026-06-16
vulnerable: 0.0.31 ... 1.8.4 (293 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sess…
- CVE-2026-33873CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.9.02026-03-27
vulnerable: 0.0.31 ... 1.8.4 (293 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears in…
- CVE-2026-34046HIGHCVSS 8.8EG 8.8✓ Fixed in 1.5.12026-03-27
vulnerable: 0.0.31 ... 1.5.0.post2 (265 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter …
- CVE-2026-42048CRITICALCVSS 9.6EG 9.6✓ Fixed in 1.9.02026-05-12
vulnerable: 0.0.31 ... 1.8.4 (293 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledg…
- CVE-2026-42867MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.9.02026-06-16
vulnerable: 0.0.31 ... 1.8.4 (293 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user-supplied knowledge …
- CVE-2026-48519CRITICALCVSS 9.6EG 9.6✓ Fixed in 1.9.22026-06-16
vulnerable: 0.0.31 ... 1.9.1 (295 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the…
- CVE-2026-48520MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.10.02026-06-16
vulnerable: 0.0.31 ... 1.9.6rc0 (303 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnerability, depending on the exact flow conf…
- CVE-2026-55255HIGHCVSS 8.4EG 9.0⚠ KEV✓ Fixed in 1.9.12026-06-19
vulnerable: 0.0.31 ... 1.9.0 (294 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belo…
- CVE-2026-55423MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.7.12026-06-19
vulnerable: 0.0.31 ... 1.7.0 (277 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fi…
- CVE-2026-55446HIGHCVSS 7.5EG 7.5✓ Fixed in 1.0.192026-06-19
vulnerable: 0.0.31 ... 1.0.9 (243 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to …
- CVE-2026-55447CRITICALCVSS 9.6EG 9.6✓ Fixed in 1.9.22026-06-19
vulnerable: 0.0.31 ... 1.9.1 (295 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All…
- CVE-2026-55450CRITICALCVSS 9.3EG 9.3✓ Fixed in 1.9.12026-06-17
vulnerable: 0.0.31 ... 1.9.0 (294 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access …
- CVE-2026-6597LOWCVSS 2.7EG 2.72026-04-20
vulnerable: 0.0.31 ... 1.8.3rc0 (292 versions)
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes un…
- CVE-2026-6598MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.9.12026-04-20
vulnerable: 0.0.31 ... 1.9.0 (294 versions)
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Cre…
- CVE-2026-6599MEDIUMCVSS 6.3EG 6.32026-04-20
vulnerable: 0.0.31 ... 1.8.3rc0 (292 versions)
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Co…
Check whether langflow is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for langflow CVEs against the assets you own.
Start Free Scan →