Langflow-Ai Langflow vulnerabilities
34 known vulnerabilities affecting langflow-ai/langflow.
Total CVEs: 34
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 4
Severity breakdown: CRITICAL 10, HIGH 11, MEDIUM 11, LOW 2
Vulnerabilities
Page 2 of 2
CVE-2026-7687 | P3 | MEDIUM | CVSS 6.3 | CWE-74 | affected: v1.8.0, v1.8.1, +3 more | date: 2026-05-03 | source: nvd
A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit
CVE-2026-55446 | P3 | HIGH | CVSS 7.5 | CWE-400 | fixed in 1.0.19 | date: 2026-06-23 | source: nvd
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. This vulnerability is fixed in 1.0.
CVE-2026-12822 | P3 | HIGH | CVSS 7.8 | CWE-74 | affected: v1.9.0, v1.9.1, +2 more | date: 2026-06-22 | source: nvd
A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-6599 | P3 | MEDIUM | CVSS 6.3 | CWE-74 | affected: v1.8.0, v1.8.1, +2 more | date: 2026-04-20 | source: nvd
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument X-Forwarded-For results in injection. The attack may be
CVE-2026-7700 | P3 | MEDIUM | CVSS 6.3 | CWE-74 | affected: v1.8.0, v1.8.1, +3 more | date: 2026-05-03 | source: nvd
A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from remote. The exploit has been made available to the public a
CVE-2026-42867 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 1.9.0 | date: 2026-06-23 | source: nvd
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authentic
CVE-2026-5025 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | affected: v0 | date: 2026-03-27 | source: nvd
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
CVE-2026-5022 | P3 | MEDIUM | CVSS 5.3 | CWE-862 | affected: v0 | date: 2026-03-27 | source: nvd
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.
CVE-2026-48520 | P4 | MEDIUM | CVSS 6.1 | CWE-73 | fixed in 1.10.0 | date: 2026-06-23 | source: nvd
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of the flow is allowed. The execution request can contai
CVE-2026-5026 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: v0 | date: 2026-03-27 | source: nvd
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content.
Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leading to stored cross-site scripting (XSS). This allow
CVE-2026-55423 | P4 | MEDIUM | CVSS 6.1 | CWE-613 | fixed in 1.7.0 | date: 2026-06-23 | source: nvd
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0.
CVE-2026-6598 | P4 | MEDIUM | CVSS 4.3 | CWE-312 | affected: v1.8.0, v1.8.1, +2 more | date: 2026-04-20 | source: nvd
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settings leads to cleartext storage in a file or on disk. T
CVE-2026-6600 | P4 | LOW | CVSS 3.5 | CWE-79 | affected: v1.8.0, v1.8.1, +2 more | date: 2026-04-20 | source: nvd
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross-site scripting. The attack may be launched remotely. The exploit
CVE-2026-6597 | P4 | LOW | CVSS 2.7 | CWE-255 | affected: v1.8.0, v1.8.1, +2 more | date: 2026-04-20 | source: nvd
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated remotely. The exploit has been made available to the pu