Filtered by vendor Langflow
Subscriptions
Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0768 | 1 Langflow | 1 Langflow | 2026-01-23 | N/A |
| Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code parameter provided to the validate endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-27322. | ||||
| CVE-2026-0769 | 1 Langflow | 1 Langflow | 2026-01-23 | N/A |
| Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of eval_custom_component_code function. The issue results from the lack of proper validation of a user-supplied string before using it to execute python code. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26972. | ||||
| CVE-2026-0770 | 1 Langflow | 1 Langflow | 2026-01-23 | N/A |
| Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325. | ||||
| CVE-2026-0771 | 1 Langflow | 1 Langflow | 2026-01-23 | N/A |
| Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exists within the handling of Python function components. Depending upon product configuration, an attacker may be able to introduce custom Python code into a workflow. An attacker can leverage this vulnerability to execute code in the context of the application. Was ZDI-CAN-27497. | ||||
| CVE-2026-0772 | 1 Langflow | 1 Langflow | 2026-01-23 | N/A |
| Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk cache service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27919. | ||||
| CVE-2025-34291 | 1 Langflow | 1 Langflow | 2026-01-16 | 8.8 High |
| Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise. | ||||
| CVE-2026-21445 | 1 Langflow | 1 Langflow | 2026-01-16 | 9.1 Critical |
| Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch. | ||||
| CVE-2025-68477 | 1 Langflow | 1 Langflow | 2026-01-02 | 7.7 High |
| Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block private IP ranges (127[.]0[.]0[.]1, the 10/172/192 ranges) or cloud metadata endpoints (169[.]254[.]169[.]254), and it returns the response body as the result. Because the flow execution endpoints (/api/v1/run, /api/v1/run/advanced) can be invoked with just an API key, if an attacker can control the API Request URL in a flow, non-blind SSRF is possible—accessing internal resources from the server’s network context. This enables requests to, and collection of responses from, internal administrative endpoints, metadata services, and internal databases/services, leading to information disclosure and providing a foothold for further attacks. Version 1.7.0 contains a patch for this issue. | ||||
| CVE-2025-68478 | 1 Langflow | 1 Langflow | 2026-01-02 | 7.1 High |
| Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue. | ||||
| CVE-2025-3248 | 1 Langflow | 1 Langflow | 2025-11-29 | 9.8 Critical |
| Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | ||||
| CVE-2025-57760 | 1 Langflow | 1 Langflow | 2025-09-03 | 8.8 High |
| Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time. | ||||
| CVE-2024-7297 | 1 Langflow | 1 Langflow | 2025-06-24 | 8.8 High |
| Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint. | ||||
| CVE-2024-9277 | 1 Langflow | 1 Langflow | 2025-06-05 | 3.5 Low |
| A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48061 | 1 Langflow | 1 Langflow | 2025-05-28 | 9.8 Critical |
| langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. | ||||
| CVE-2024-42835 | 1 Langflow | 1 Langflow | 2025-05-27 | 9.8 Critical |
| langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. | ||||
| CVE-2024-37014 | 1 Langflow | 1 Langflow | 2024-11-21 | 9.8 Critical |
| Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | ||||
Page 1 of 1.