CVE-2026-5022— Langflow - Missing Authorization on download_image Endpoint
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-5022
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Langflow - Missing Authorization on download_image Endpoint
Source: NVD (National Vulnerability Database)
Vulnerability Description
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Langflow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Langflow是Langflow开源的一个用于构建多代理和 RAG 应用程序的可视化框架。 langflow存在安全漏洞,该漏洞源于端点/api/v1/files/images/{flow_id}/{file_name}缺少身份验证和授权检查,可能导致未经验证的用户通过猜测流程ID和文件名下载任意流程的图像。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| langflow-ai | langflow | 0 | - |
II. Public POCs for CVE-2026-5022
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-5022
请登录查看更多情报信息。
Same Patch Batch · langflow-ai · 2026-03-27 · 6 CVEs total
| CVE-2026-5027 | 8.8 HIGH | Langflow - Path Traversal Arbitrary File Write via upload_user_file |
| CVE-2026-5025 | 6.5 MEDIUM | Langflow - Application Logs Exposed to All Authenticated Users |
| CVE-2026-5026 | Langflow - Stored XSS via Malicious SVG Upload | |
| CVE-2026-34046 | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership | |
| CVE-2026-33873 | Langflow has Authenticated Code Execution in Agentic Assistant Validation |
IV. Related Vulnerabilities
Same product: langflow
- CVE-2026-7700
langflow-ai langflow LambdaFilterComponent lambda_filter.p e - CVE-2026-7687
langflow-ai langflow Full Builtins code_parser.py CodeParser - CVE-2026-6600
langflow-ai langflow Frontend React Component Rendering edit - CVE-2026-6599
langflow-ai langflow Model Context Protocol Configuration AP - CVE-2026-6598
langflow-ai langflow Project Creation Endpoint projects.py e
Same vendor: langflow-ai
- CVE-2026-7700
langflow-ai langflow LambdaFilterComponent lambda_filter.p e - CVE-2026-7687
langflow-ai langflow Full Builtins code_parser.py CodeParser - CVE-2026-6600
langflow-ai langflow Frontend React Component Rendering edit - CVE-2026-6599
langflow-ai langflow Model Context Protocol Configuration AP - CVE-2026-6598
langflow-ai langflow Project Creation Endpoint projects.py e
Same weakness: CWE-862
- CVE-2025-14755
Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Man - CVE-2021-47932
WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthen - CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2026-42297
Argo Workflows Is Missing Authorization in Sync ConfigMap Pr - CVE-2026-42174
Kirby: User avatar creation, replacement and deletion are no
V. Comments for CVE-2026-5022
No comments yet