{"url":"http://public2.vulnerablecode.io/api/packages/45505?format=json","purl":"pkg:pypi/langflow@1.5.0","type":"pypi","namespace":"","name":"langflow","version":"1.5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.9.0","latest_non_vulnerable_version":"1.9.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9592?format=json","vulnerability_id":"VCID-22hm-534x-fyed","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments where an attacker can access the Agentic Assistant feature and influence the model output, this can result in arbitrary server-side Python execution. Version 1.9.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33873","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17815","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33873"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87"},{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47738?format=json","purl":"pkg:pypi/langflow@1.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"}],"aliases":["CVE-2026-33873","GHSA-v8hw-mh8c-jxfc","PYSEC-2026-82"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22hm-534x-fyed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9587?format=json","vulnerability_id":"VCID-9vte-9ecr-quhw","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33497","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1267","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33497"},{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47722?format=json","purl":"pkg:pypi/langflow@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22hm-534x-fyed"},{"vulnerability":"VCID-dsgg-w6zh-5fek"},{"vulnerability":"VCID-rnzn-x922-vkav"},{"vulnerability":"VCID-z1h6-t53p-77aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1"}],"aliases":["CVE-2026-33497","GHSA-ph9w-r52h-28p7","PYSEC-2026-81"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vte-9ecr-quhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9581?format=json","vulnerability_id":"VCID-dsgg-w6zh-5fek","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33053","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18118","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33053"},{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47738?format=json","purl":"pkg:pypi/langflow@1.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"}],"aliases":["CVE-2026-33053","GHSA-rf6x-r45m-xv3w","PYSEC-2026-78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsgg-w6zh-5fek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9503?format=json","vulnerability_id":"VCID-quy8-3rhy-wufd","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68478","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10592","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68478"},{"reference_url":"https://github.com/langflow-ai/langflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow"},{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68478","reference_id":"CVE-2025-68478","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68478"},{"reference_url":"https://github.com/advisories/GHSA-f43r-cc68-gpx4","reference_id":"GHSA-f43r-cc68-gpx4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f43r-cc68-gpx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45519?format=json","purl":"pkg:pypi/langflow@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22hm-534x-fyed"},{"vulnerability":"VCID-9vte-9ecr-quhw"},{"vulnerability":"VCID-dsgg-w6zh-5fek"},{"vulnerability":"VCID-rnzn-x922-vkav"},{"vulnerability":"VCID-z1h6-t53p-77aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/47722?format=json","purl":"pkg:pypi/langflow@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22hm-534x-fyed"},{"vulnerability":"VCID-dsgg-w6zh-5fek"},{"vulnerability":"VCID-rnzn-x922-vkav"},{"vulnerability":"VCID-z1h6-t53p-77aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1"}],"aliases":["CVE-2025-68478","GHSA-f43r-cc68-gpx4","PYSEC-2025-125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-quy8-3rhy-wufd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9585?format=json","vulnerability_id":"VCID-rnzn-x922-vkav","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33309","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17815","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33309"},{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47738?format=json","purl":"pkg:pypi/langflow@1.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"}],"aliases":["CVE-2026-33309","GHSA-g2j9-7rj2-gm6c","PYSEC-2026-79"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rnzn-x922-vkav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9489?format=json","vulnerability_id":"VCID-uqbp-kmed-fyc8","summary":"Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-34291","reference_id":"","reference_type":"","scores":[{"value":"0.32059","scoring_system":"epss","scoring_elements":"0.96906","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-34291"},{"reference_url":"https://github.com/langflow-ai/langflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow"},{"reference_url":"https://github.com/langflow-ai/langflow/pull/10139","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow/pull/10139"},{"reference_url":"https://github.com/langflow-ai/langflow/pull/10696","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow/pull/10696"},{"reference_url":"https://github.com/langflow-ai/langflow/pull/9240","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow/pull/9240"},{"reference_url":"https://github.com/langflow-ai/langflow/pull/9441","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow/pull/9441"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2025-78.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2025-78.yaml"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291"},{"reference_url":"https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform"},{"reference_url":"https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-34291","reference_id":"CVE-2025-34291","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-34291"},{"reference_url":"https://www.crowdsec.net/vulntracking-report/cve-2025-34291","reference_id":"CVE-2025-34291","reference_type":"","scores":[],"url":"https://www.crowdsec.net/vulntracking-report/cve-2025-34291"},{"reference_url":"https://github.com/advisories/GHSA-577h-p2hh-v4mv","reference_id":"GHSA-577h-p2hh-v4mv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-577h-p2hh-v4mv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45519?format=json","purl":"pkg:pypi/langflow@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22hm-534x-fyed"},{"vulnerability":"VCID-9vte-9ecr-quhw"},{"vulnerability":"VCID-dsgg-w6zh-5fek"},{"vulnerability":"VCID-rnzn-x922-vkav"},{"vulnerability":"VCID-z1h6-t53p-77aj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0"}],"aliases":["CVE-2025-34291","GHSA-577h-p2hh-v4mv","PYSEC-2025-78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uqbp-kmed-fyc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9586?format=json","vulnerability_id":"VCID-z1h6-t53p-77aj","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33484","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11705","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33484"},{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47738?format=json","purl":"pkg:pypi/langflow@1.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"}],"aliases":["CVE-2026-33484","GHSA-7grx-3xcx-2xv5","PYSEC-2026-80"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1h6-t53p-77aj"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.5.0"}