langflow — Vulnerabilities & Security Advisories (30)

All 30 CVE vulnerabilities found in langflow, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6600 | langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting | CWE-79 | 3.5 | Low | 2026-04-20 |
| CVE-2026-6599 | langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection | CWE-74 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-6598 | langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file | CWE-313 | 4.3 | Medium | 2026-04-20 |
| CVE-2026-6597 | langflow-ai langflow Flow Using API core.py has_api_terms credentials storage | CWE-256 | 2.7 | Low | 2026-04-20 |
| CVE-2026-6596 | langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload | CWE-434 | 7.3 | High | 2026-04-20 |
| CVE-2026-34046 | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check | CWE-639 | 8.2 | - | 2026-03-27 |
| CVE-2026-33873 | Langflow has Authenticated Code Execution in Agentic Assistant Validation | CWE-94 | 8.8 | - | 2026-03-27 |
| CVE-2026-5027 | Langflow - Path Traversal Arbitrary File Write via upload_user_file | CWE-22 | 8.8 | High | 2026-03-27 |
| CVE-2026-5026 | Langflow - Stored XSS via Malicious SVG Upload | CWE-79 | 5.4 | - | 2026-03-27 |
| CVE-2026-5025 | Langflow - Application Logs Exposed to All Authenticated Users | CWE-862 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-5022 | Langflow - Missing Authorization on download_image Endpoint | CWE-862 | 5.3 | - | 2026-03-27 |
| CVE-2026-33497 | Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading | CWE-22 | 6.5 | - | 2026-03-24 |
| CVE-2026-33484 | Langflow has Unauthenticated IDOR on Image Downloads | CWE-284 | 7.5 | High | 2026-03-24 |
| CVE-2026-33475 | Langflow GitHub Actions Shell Injection | CWE-74 | 9.1 | Critical | 2026-03-24 |
| CVE-2026-33309 | Langflow has an Arbitrary File Write (RCE) via v2 API | CWE-22 | 10.0 | Critical | 2026-03-24 |
| CVE-2026-33053 | Langflow has Missing Ownership Verification in API Key Deletion (IDOR) | CWE-639 | 8.2 | - | 2026-03-20 |
| CVE-2026-33017 | Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint | CWE-94 | 9.8 | - | 2026-03-20 |
| CVE-2026-27966 | Langflow has Remote Code Execution in CSV Agent | CWE-94 | 9.8 | Critical | 2026-02-26 |
| CVE-2026-0772 | Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability | CWE-502 | 8.8 | - | 2026-01-23 |
| CVE-2026-0771 | Langflow PythonFunction Code Injection Remote Code Execution Vulnerability | CWE-94 | 9.8 | - | 2026-01-23 |
| CVE-2026-0770 | Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability | CWE-829 | 9.8 | - | 2026-01-23 |
| CVE-2026-0769 | Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability | CWE-95 | 9.8 | - | 2026-01-23 |
| CVE-2026-0768 | Langflow code Code Injection Remote Code Execution Vulnerability | CWE-94 | 9.8 | - | 2026-01-23 |
| CVE-2026-21445 | Langflow Missing Authentication on Critical API Endpoints | CWE-306 | 9.4 | - | 2026-01-02 |
| CVE-2025-68478 | Langflow Vulnerable to External Control of File Name or Path | CWE-73 | 7.1 | High | 2025-12-19 |
| CVE-2025-68477 | Langflow vulnerable to Server-Side Request Forgery | CWE-918 | 7.7 | High | 2025-12-19 |
| CVE-2025-34291 | Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE | CWE-346 | 8.8 | - | 2025-12-05 |
| CVE-2025-57760 | Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation | CWE-269 | 8.8 | High | 2025-08-25 |
| CVE-2025-3248 | Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code | CWE-306 | 9.8 | Critical | 2025-04-07 |
| CVE-2024-9277 | Langflow HTTP POST Request utils.py redos | CWE-1333 | 3.5 | Low | 2024-09-27 |

All 30 known CVE vulnerabilities affecting langflow with full Chinese analysis, references, and POCs where available.