langflow-ai — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting langflow-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Langflow-ai is an open-source framework designed to facilitate the rapid development and deployment of multi-agent and large language model applications. Its architecture allows developers to visually construct complex workflows, making it a popular tool for integrating AI capabilities into enterprise software. However, this complexity has historically exposed the platform to significant security risks, with twenty-five Common Vulnerabilities and Exposures (CVEs) currently on record. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and insecure default configurations in its API endpoints. Notable incidents highlight critical flaws in authentication mechanisms and data handling, allowing attackers to bypass security controls or execute arbitrary commands. Consequently, while Langflow-ai offers powerful functionality for AI orchestration, its security posture requires rigorous hardening and continuous monitoring to mitigate the inherent risks associated with its dynamic, code-generating nature.

Top products by langflow-ai: langflow
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-7700 | langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection | langflow | CWE-94 | 6.3 | Medium | 2026-05-03 |
| CVE-2026-7687 | langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection | langflow | CWE-77 | 6.3 | Medium | 2026-05-03 |
| CVE-2026-6600 | langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting | langflow | CWE-79 | 3.5 | Low | 2026-04-20 |
| CVE-2026-6599 | langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection | langflow | CWE-74 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-6598 | langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file | langflow | CWE-313 | 4.3 | Medium | 2026-04-20 |
| CVE-2026-6597 | langflow-ai langflow Flow Using API core.py has_api_terms credentials storage | langflow | CWE-256 | 2.7 | Low | 2026-04-20 |
| CVE-2026-6596 | langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload | langflow | CWE-434 | 7.3 | High | 2026-04-20 |
| CVE-2026-34046 | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check | langflow | CWE-639 | 8.2 | - | 2026-03-27 |
| CVE-2026-33873 | Langflow has Authenticated Code Execution in Agentic Assistant Validation | langflow | CWE-94 | 8.8 | - | 2026-03-27 |
| CVE-2026-5027 | Langflow - Path Traversal Arbitrary File Write via upload_user_file | langflow | CWE-22 | 8.8 | High | 2026-03-27 |
| CVE-2026-5026 | Langflow - Stored XSS via Malicious SVG Upload | langflow | CWE-79 | 5.4 | - | 2026-03-27 |
| CVE-2026-5025 | Langflow - Application Logs Exposed to All Authenticated Users | langflow | CWE-862 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-5022 | Langflow - Missing Authorization on download_image Endpoint | langflow | CWE-862 | 5.3 | - | 2026-03-27 |
| CVE-2026-33497 | Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading | langflow | CWE-22 | 6.5 | - | 2026-03-24 |
| CVE-2026-33484 | Langflow has Unauthenticated IDOR on Image Downloads | langflow | CWE-284 | 7.5 | High | 2026-03-24 |
| CVE-2026-33475 | Langflow GitHub Actions Shell Injection | langflow | CWE-74 | 9.1 | Critical | 2026-03-24 |
| CVE-2026-33309 | Langflow has an Arbitrary File Write (RCE) via v2 API | langflow | CWE-22 | 10.0 | Critical | 2026-03-24 |
| CVE-2026-33053 | Langflow has Missing Ownership Verification in API Key Deletion (IDOR) | langflow | CWE-639 | 8.2 | - | 2026-03-20 |
| CVE-2026-33017 | Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint | langflow | CWE-94 | 9.8 | - | 2026-03-20 |
| CVE-2026-27966 | Langflow has Remote Code Execution in CSV Agent | langflow | CWE-94 | 9.8 | Critical | 2026-02-26 |
| CVE-2026-21445 | Langflow Missing Authentication on Critical API Endpoints | langflow | CWE-306 | 9.4 | - | 2026-01-02 |
| CVE-2025-68478 | Langflow Vulnerable to External Control of File Name or Path | langflow | CWE-73 | 7.1 | High | 2025-12-19 |
| CVE-2025-68477 | Langflow vulnerable to Server-Side Request Forgery | langflow | CWE-918 | 7.7 | High | 2025-12-19 |
| CVE-2025-57760 | Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation | langflow | CWE-269 | 8.8 | High | 2025-08-25 |
| CVE-2025-3248 | Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code | langflow | CWE-306 | 9.8 | Critical | 2025-04-07 |

This page lists every published CVE security advisory associated with langflow-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.