Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting langflow.
- CVE-2026-48520Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read6.1
- CVE-2026-42867Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint6.5
- CVE-2026-55255Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow9.9
- CVE-2026-48519Langflow: Unauthenticated RCE in Shareable Playgrounds9.6
- CVE-2026-7664Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS9.8
- CVE-2026-7787Unauthenticated Session History Access via Public Flow Execution7.5
- CVE-2026-7528Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS7.1
- CVE-2026-7524Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution9.8
- CVE-2026-42048Langflow: Path Traversal in Langflow Knowledge Bases API9.6
- CVE-2026-6542Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id6.5
- CVE-2026-6543Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint8.8
- CVE-2026-4502Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API6.5
- CVE-2026-4503Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint7.5
- CVE-2026-5026Langflow - Stored XSS via Malicious SVG Upload5.4
- CVE-2026-5025Langflow - Application Logs Exposed to All Authenticated Users6.5