| purl | pkg:pypi/langflow-base@0.3.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-6y1z-b2ye-jkd6 (Aliases: CVE-2026-21445, GHSA-c5cp-vx83-jhqx) | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch. | Affected by 1 other vulnerability. |
| VCID-e9b3-3ks2-ukhy (Aliases: CVE-2026-6596, GHSA-vvfc-fp59-m92g) | A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | Affected by 0 other vulnerabilities. |
| VCID-hfhf-2k6v-sbcf (Aliases: CVE-2026-34046, GHSA-8c4j-f57c-35cf) | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `False` (i.e., authentication was enabled), neither branch enforced an ownership check — the query returned any flow matching the given UUID regardless of who owned it. This allowed any authenticated user to read any other user's flow, including embedded plaintext API keys, modify the logic of another user's AI agents, and/or delete flows belonging to other users. The vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with `user_id = NULL`) under auto-login mode, but inadvertently left the authenticated path without an ownership filter. The fix in version 1.5.1 removes the `AUTO_LOGIN` conditional entirely and unconditionally scopes the query to the requesting user. | Affected by 2 other vulnerabilities. |
| VCID-hrmb-buvy-kuh7 (Aliases: CVE-2025-57760, GHSA-4gv9-mp8m-592r) | Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time. | Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T22:11:16.228323+00:00 | GitLab Importer | Affected by | VCID-e9b3-3ks2-ukhy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langflow-base/CVE-2026-6596.yml | 38.6.0 |
| 2026-06-12T21:40:03.243339+00:00 | GitLab Importer | Affected by | VCID-hfhf-2k6v-sbcf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langflow-base/CVE-2026-34046.yml | 38.6.0 |
| 2026-06-12T20:43:09.468079+00:00 | GitLab Importer | Affected by | VCID-6y1z-b2ye-jkd6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langflow-base/CVE-2026-21445.yml | 38.6.0 |
| 2026-06-12T20:12:03.595514+00:00 | GitLab Importer | Affected by | VCID-hrmb-buvy-kuh7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langflow-base/CVE-2025-57760.yml | 38.6.0 |