langflow-ai — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting langflow-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by langflow-ai: langflow
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6600 | langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting | langflow | CWE-79 | 3.5 | Low | 2026-04-20 |
| CVE-2026-6599 | langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection | langflow | CWE-74 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-6598 | langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file | langflow | CWE-313 | 4.3 | Medium | 2026-04-20 |
| CVE-2026-6597 | langflow-ai langflow Flow Using API core.py has_api_terms credentials storage | langflow | CWE-256 | 2.7 | Low | 2026-04-20 |
| CVE-2026-6596 | langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload | langflow | CWE-434 | 7.3 | High | 2026-04-20 |
| CVE-2026-34046 | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check | langflow | CWE-639 | 8.2 | - | 2026-03-27 |
| CVE-2026-33873 | Langflow has Authenticated Code Execution in Agentic Assistant Validation | langflow | CWE-94 | 8.8 | - | 2026-03-27 |
| CVE-2026-5027 | Langflow - Path Traversal Arbitrary File Write via upload_user_file | langflow | CWE-22 | 8.8 | High | 2026-03-27 |
| CVE-2026-5026 | Langflow - Stored XSS via Malicious SVG Upload | langflow | CWE-79 | 5.4 | - | 2026-03-27 |
| CVE-2026-5025 | Langflow - Application Logs Exposed to All Authenticated Users | langflow | CWE-862 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-5022 | Langflow - Missing Authorization on download_image Endpoint | langflow | CWE-862 | 5.3 | - | 2026-03-27 |
| CVE-2026-33497 | Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading | langflow | CWE-22 | 6.5 | - | 2026-03-24 |
| CVE-2026-33484 | Langflow has Unauthenticated IDOR on Image Downloads | langflow | CWE-284 | 7.5 | High | 2026-03-24 |
| CVE-2026-33475 | Langflow GitHub Actions Shell Injection | langflow | CWE-74 | 9.1 | Critical | 2026-03-24 |
| CVE-2026-33309 | Langflow has an Arbitrary File Write (RCE) via v2 API | langflow | CWE-22 | 10.0 | Critical | 2026-03-24 |
| CVE-2026-33053 | Langflow has Missing Ownership Verification in API Key Deletion (IDOR) | langflow | CWE-639 | 8.2 | - | 2026-03-20 |
| CVE-2026-33017 | Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint | langflow | CWE-94 | 9.8 | - | 2026-03-20 |
| CVE-2026-27966 | Langflow has Remote Code Execution in CSV Agent | langflow | CWE-94 | 9.8 | Critical | 2026-02-26 |
| CVE-2026-21445 | Langflow Missing Authentication on Critical API Endpoints | langflow | CWE-306 | 9.4 | - | 2026-01-02 |
| CVE-2025-68478 | Langflow Vulnerable to External Control of File Name or Path | langflow | CWE-73 | 7.1 | High | 2025-12-19 |
| CVE-2025-68477 | Langflow vulnerable to Server-Side Request Forgery | langflow | CWE-918 | 7.7 | High | 2025-12-19 |
| CVE-2025-57760 | Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation | langflow | CWE-269 | 8.8 | High | 2025-08-25 |
| CVE-2025-3248 | Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code | langflow | CWE-306 | 9.8 | Critical | 2025-04-07 |

This page lists every published CVE security advisory associated with langflow-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.