CVE-2026-21445
Published 2026-01-02
Priority P189 · critical · CVSS 3.1: 9.1
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 20.66% (97.2nd percentile)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langflow-ai | langflow | < 1.7.0.dev45 | 1.7.0.dev45 |
| langflow | langflow | < 1.7.1 | 1.7.1 |
| langflow | langflow | >= 0 < 1.7.1 | 1.7.1 |
Detection & IOCs
URL: /api/v1/monitor/messages
- Unauthenticated GET request to /api/v1/monitor/messages returning HTTP 200 with JSON body containing `"text":` and `"timestamp":` fields indicates successful exploitation of broken access control.
- Multiple critical API endpoints in Langflow are missing authentication controls, allowing unauthenticated access to sensitive conversation data, transaction histories, and destructive operations such as message deletion.
- CVE-2026-21445 is part of a broader exploitation campaign targeting multiple Langflow vulnerabilities; monitor for unauthenticated access patterns across Langflow API endpoints.
- The vulnerability affects Langflow versions prior to 1.7.0.dev45; instances running older versions with default configuration expose sensitive API endpoints without authentication.
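The first indicator above is a log-level signal: a request to the monitor API that succeeded without any credential. The following is an added example, not taken from any of the page's sources, that scans reverse-proxy access logs for that pattern. It assumes a constructed JSON-lines log format (fields `ts`, `src`, `method`, `path`, `status`, `has_auth`) in which the proxy records whether an `Authorization` or `x-api-key` header was present; the field names are an assumption and need adapting to your own proxy configuration. It watches the whole `/api/v1/monitor/` prefix rather than only `/messages`, since the campaign note asks for monitoring across the Langflow API.

```python
"""Flag 2xx responses to Langflow monitor endpoints that carried no credential.

Added example, not from the page's sources. Assumes a constructed JSON-lines
proxy log with fields ts, src, method, path, status and has_auth (whether an
Authorization or x-api-key header was present). Adapt the field names to your
own proxy's log format.
"""
import json
from collections import Counter
from urllib.parse import urlsplit

# Monitor API prefix from the advisory; /messages is the endpoint quoted in the
# IOC, and the campaign note asks to watch neighbouring Langflow routes too.
WATCHED_PREFIX = "/api/v1/monitor/"

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
{"ts": "2026-01-05T10:00:01Z", "src": "203.0.113.7", "method": "GET", "path": "/api/v1/monitor/messages?flow_id=f1", "status": 200, "has_auth": false}
{"ts": "2026-01-05T10:00:02Z", "src": "198.51.100.3", "method": "GET", "path": "/api/v1/monitor/messages", "status": 200, "has_auth": true}
{"ts": "2026-01-05T10:00:03Z", "src": "203.0.113.7", "method": "DELETE", "path": "/api/v1/monitor/messages", "status": 204, "has_auth": false}
{"ts": "2026-01-05T10:00:04Z", "src": "203.0.113.7", "method": "GET", "path": "/api/v1/monitor/messages", "status": 401, "has_auth": false}
{"ts": "2026-01-05T10:00:05Z", "src": "192.0.2.9", "method": "GET", "path": "/health", "status": 200, "has_auth": false}
"""


def is_unauthenticated_hit(event: dict) -> bool:
    """True for a 2xx response to a monitor endpoint with no credential presented.

    A 401/403 to the same request is what a patched instance answers, so it is
    not flagged here (it may still be worth counting as reconnaissance).
    """
    path = urlsplit(event.get("path", "")).path  # drop the query string
    return (
        path.startswith(WATCHED_PREFIX)
        and not event.get("has_auth", False)
        and 200 <= int(event.get("status", 0)) < 300
    )


def scan(log_text: str) -> list:
    """Return the flagged events, skipping blank lines and lines that are not JSON."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_unauthenticated_hit(event):
            hits.append(event)
    return hits


def summarize(hits: list) -> dict:
    """Count flagged requests per source address and HTTP method."""
    per_source = {}
    for h in hits:
        per_source.setdefault(h["src"], Counter())[h["method"]] += 1
    return {src: dict(counts) for src, counts in per_source.items()}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['src']} {h['method']} {h['path']} -> {h['status']} (no credential)")
    print(summarize(found))
```

On the sample, the two requests from 203.0.113.7 that returned 200 and 204 without a credential are flagged (a successful read and a successful delete); the authenticated read, the 401, and the health probe are not. The `DELETE` hit is the one to prioritise, since the advisory lists message deletion among the destructive operations reachable without authentication.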
CVSS provenance
- NVD, CVSS v3.1: 9.1 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
- NVD, CVSS v4.0: 8.8 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
- VulnCheck: 8.8 HIGH
GHSA
Langflow Missing Authentication on Critical API Endpoints
ghsa · 2026-01-02 · CVE-2026-21445 [HIGH] · CWE-306
### Summary
Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization.
### Details
The vulnerability exists in three API endpoints within `src/backend/base/langflow/api/v1/monitor.py` that are missing the required `dependencies=[Depends(get_current_active_user)]` authentication dependency:
**Affected Endpoints:**
1. **GET `/api/v1/monitor/messages`** (Line 61)
```python
@router.get("/messages")  # ❌ Missing authentication
async def get_mes
```
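The advisory's root cause is a FastAPI route decorator without the `dependencies=[Depends(get_current_active_user)]` entry. The following is an added example, not Langflow's own code or tooling, of a static check for that pattern: it parses a module's AST, finds every `@<router>.<method>(...)` handler and reports the ones that neither list `Depends(get_current_active_user)` in the decorator's `dependencies=` nor take a parameter defaulting to it. The dependency name is the one quoted in the advisory; the sample module and its handler names and paths are constructed for the example. Router-level dependencies (`APIRouter(dependencies=[...])`) are not modelled, so findings are candidates for review rather than confirmed gaps.

```python
"""Audit FastAPI route handlers for a missing authentication dependency.

Added example; not Langflow's own code or tooling. Reports route handlers that
carry neither dependencies=[Depends(get_current_active_user)] on the decorator
nor a parameter defaulting to Depends(get_current_active_user). Router-level
dependencies (APIRouter(dependencies=[...])) are not modelled.
"""
import ast

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}

# Constructed sample module mirroring the advisory's pattern. Only the first
# handler reproduces the flaw; the other two show the two places FastAPI lets
# you attach the dependency (decorator-level and parameter-level).
SAMPLE_MODULE = '''\
from fastapi import APIRouter, Depends
router = APIRouter(prefix="/monitor")

@router.get("/messages")
async def list_messages():
    ...

@router.delete("/messages", dependencies=[Depends(get_current_active_user)])
async def delete_messages(message_ids: list):
    ...

@router.get("/status")
async def get_status(user=Depends(get_current_active_user)):
    ...
'''


def _is_auth_depends(node, dep_name):
    """True if `node` is the call Depends(<dep_name>)."""
    return (
        isinstance(node, ast.Call)
        and isinstance(node.func, ast.Name)
        and node.func.id == "Depends"
        and any(isinstance(a, ast.Name) and a.id == dep_name for a in node.args)
    )


def _route_of(decorator):
    """Return (METHOD, path) for a @router.<method>("/path", ...) call, else None."""
    if not (isinstance(decorator, ast.Call) and isinstance(decorator.func, ast.Attribute)):
        return None
    method = decorator.func.attr
    if method not in HTTP_METHODS:
        return None
    path = "?"
    if decorator.args and isinstance(decorator.args[0], ast.Constant):
        path = str(decorator.args[0].value)
    return method.upper(), path


def find_unauthenticated_routes(source, dep_name="get_current_active_user"):
    """Return [(METHOD, path, handler_name, decorator_line), ...] for every
    route handler with no Depends(dep_name) in the decorator's dependencies=
    list or in the handler's parameter defaults."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for dec in node.decorator_list:
            route = _route_of(dec)
            if route is None:
                continue
            # Decorator-level: dependencies=[Depends(get_current_active_user), ...]
            protected = any(
                kw.arg == "dependencies"
                and isinstance(kw.value, (ast.List, ast.Tuple))
                and any(_is_auth_depends(e, dep_name) for e in kw.value.elts)
                for kw in dec.keywords
            )
            # Parameter-level: user = Depends(get_current_active_user)
            defaults = list(node.args.defaults) + list(node.args.kw_defaults)
            protected = protected or any(
                d is not None and _is_auth_depends(d, dep_name) for d in defaults
            )
            if not protected:
                findings.append((route[0], route[1], node.name, dec.lineno))
    return findings


if __name__ == "__main__":
    for method, path, name, line in find_unauthenticated_routes(SAMPLE_MODULE):
        print(f"line {line}: {method} {path} ({name}) has no auth dependency")
```

Run against the sample, only `GET /messages` is reported, which is the shape of the advisory's first affected endpoint; the fix the advisory describes is adding `dependencies=[Depends(get_current_active_user)]` to that decorator, as the `delete_messages` handler in the sample does. Pointing the function at `src/backend/base/langflow/api/v1/monitor.py` of a checked-out version (`find_unauthenticated_routes(open(path).read())`) gives a quick regression check for the three endpoints after upgrading.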
OSV
Langflow Missing Authentication on Critical API Endpoints
osv · 2026-01-02 · CVE-2026-21445 [HIGH]
VulnCheck
langflow langflow Missing Authentication for Critical Function
vulncheck · 2026 · CVSS 8.8 · CVE-2026-21445 [HIGH]
Affected: langflow langflow
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracke
No detection rules found.
Nuclei
Langflow - Broken Access Control
nuclei · CVSS 8.8 · CVE-2026-21445 [HIGH]
Template:
```yaml
id: CVE-2026-21445
info:
  name: Langflow - Broken Access Control
  author: DhiyaneshDk
  severity: critical
  description: |
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missin
```
Hackernews
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
blogs_hackernews · 2026-06-10 · CVSS 8.8 · CVE-2026-5027 [HIGH]
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.
The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.
"The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the fi
Bleepingcomputer
Path traversal flaw in AI dev platform Langflow exploited in attacks
blogs_bleepingcomputer · 2026-06-10 · CVSS 9.8 · CVE-2026-5027 [CRITICAL] · Bill Toulas
CVE-2026-5027 is a high-severity path traversal flaw in Langflow's file upload functionality that fails to properly sanitize user-supplied filenames.
"The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../')," explains Tenable, which discovered the flaw at the start of the year.
Tenable publicly disclosed the issue on March 27, 2026, more than two months after initially reporting it to the Langflow team without receiving a response.
Although Tenable did not mention a fix in its advisory, Snyk Security reported on March 30, 2026, that t
Wiz
CVE-2026-21445 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · CVE-2026-21445 [HIGH]
## CVE-2026-21445: Python vulnerability analysis and mitigation
Source: NVD
- Score: 8.8 (CNA score 8.8), severity HIGH
- Published: January 2, 2026
- Affected technologies: Python, Homebrew
- Has public exploit: Yes
- Has CISA KEV exploit: No (CISA KEV release date N/A; no CISA KEV due date)
Published 2026-01-02 · Exploited in the wild