Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting langflow.
- CVE-2026-48520Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read6.1
- CVE-2026-33760Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints8.8
- CVE-2026-42867Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint6.5
- CVE-2026-55255Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow9.9
- CVE-2026-55423Langflow: Logout button does not clear session6.1
- CVE-2026-55446Langflow: Unauthenticated DoS through multipart form boundary file upload7.5
- CVE-2026-48519Langflow: Unauthenticated RCE in Shareable Playgrounds9.6
- CVE-2026-55447Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit9.6
- CVE-2026-55450Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak9.3
- CVE-2026-7664Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS9.8
- CVE-2026-10561Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection10.0
- CVE-2026-12822langflow-ai langflow Bundle URL Loader code injection5.3
- CVE-2026-3341IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services5.4
- CVE-2026-7787Unauthenticated Session History Access via Public Flow Execution7.5
- CVE-2026-7528Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS7.1