Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: langflow Clear
ID Title
CVE-2026-7874 Vulnerability in langflow (CVE-2026-7874)
vulnerability in langflow (CVE-2026-7874). Confidential information can be exposed externally.
CVE-2026-7663 Vulnerability in langflow (CVE-2026-7663)
vulnerability in langflow (CVE-2026-7663). Confidential information can be exposed externally.
CVE-2026-7871 Unsafe Deserialization in langflow (CVE-2026-7871)
vulnerability in langflow (CVE-2026-7871). Successful exploitation can lead to full system takeover.
CVE-2026-7803 Vulnerability in langflow (CVE-2026-7803)
vulnerability in langflow (CVE-2026-7803). Successful exploitation can lead to full system takeover.
CVE-2026-7873 Code Injection in langflow (CVE-2026-7873)
code injection in langflow (CVE-2026-7873). Successful exploitation can lead to full system takeover.
CVE-2026-10546 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-10546)
SSRF in ssrf (CVE-2026-10546). Confidential information can be exposed externally.
CVE-2026-10564 SSRF (Server-Side Request Forgery) in c (CVE-2026-10564)
SSRF in c (CVE-2026-10564). Confidential information can be exposed externally.
CVE-2026-10140 Vulnerability in langflow (CVE-2026-10140)
vulnerability in langflow (CVE-2026-10140). Confidential information can be exposed externally.
CVE-2026-10560 Authentication Bypass in dos (CVE-2026-10560)
authentication bypass in dos (CVE-2026-10560). Confidential information can be exposed externally.
CVE-2026-10129 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-10129)
SSRF in ssrf (CVE-2026-10129). Confidential information can be exposed externally.
CVE-2026-10134 Code Injection in langflow (CVE-2026-10134)
code injection in langflow (CVE-2026-10134). Successful exploitation can lead to full system takeover. Exploitable via ``tool_code``.
CVE-2026-7664 Authentication Bypass in langflow (CVE-2026-7664)
authentication bypass in langflow (CVE-2026-7664). Successful exploitation can lead to full system takeover.
CVE-2026-10561 Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
CVE-2026-12822 Vulnerability in langflow (CVE-2026-12822)
vulnerability in langflow (CVE-2026-12822). Risk of unauthorized operations or information disclosure.
CVE-2026-55447 Vulnerability in langflow (CVE-2026-55447)
vulnerability in langflow (CVE-2026-55447). Successful exploitation can lead to full system takeover. Exploitable via ``BaseFileComponent``. Mitigation: upgrade to `1.9.2` or later.
CVE-2026-55446 Vulnerability in langflow (CVE-2026-55446)
vulnerability in langflow (CVE-2026-55446). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/upload/test`. Mitigation: upgrade to `1.0.19` or later.
CVE-2026-55423 Vulnerability in langflow (CVE-2026-55423)
vulnerability in langflow (CVE-2026-55423). Confidential information can be exposed externally. Exploitable via ``access_token_lf``. Mitigation: upgrade to `1.7.1` or later.
CVE-2026-55255 KEV [KEV] Vulnerability in langflow (CVE-2026-55255)
vulnerability in langflow (CVE-2026-55255). Confidential information can be exposed externally. Exploitable via ``get_flow_by_id_or_endpoint_name``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-55450 Information Disclosure in langflow (CVE-2026-55450)
vulnerability in langflow (CVE-2026-55450). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/upload/{flow_id}`. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-48520 Vulnerability in langflow (CVE-2026-48520)
vulnerability in langflow (CVE-2026-48520). Confidential information can be exposed externally. Exploitable via ``files``. Mitigation: upgrade to `1.10.0` or later.
CVE-2026-48519 Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
CVE-2026-42867 Path Traversal in langflow (CVE-2026-42867)
path traversal in langflow (CVE-2026-42867). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-33760 Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-7787 Vulnerability in langflow (CVE-2026-7787)
vulnerability in langflow (CVE-2026-7787). Confidential information can be exposed externally.
CVE-2026-3341 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3341)
SSRF in ssrf (CVE-2026-3341). Risk of unauthorized operations or information disclosure.
CVE-2026-7528 Vulnerability in dos (CVE-2026-7528)
vulnerability in dos (CVE-2026-7528). Risk of unauthorized operations or information disclosure.
CVE-2026-7524 Path Traversal in langflow (CVE-2026-7524)
path traversal in langflow (CVE-2026-7524). Successful exploitation can lead to full system takeover.
CVE-2026-42048 Path Traversal in langflow (CVE-2026-42048)
path traversal in langflow (CVE-2026-42048). Data can be tampered with by attackers. Exploitable via `DELETE /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-6543 Code Injection in langflow (CVE-2026-6543)
code injection in langflow (CVE-2026-6543). Successful exploitation can lead to full system takeover.
CVE-2026-3345 Path Traversal in langflow (CVE-2026-3345)
path traversal in langflow (CVE-2026-3345). Confidential information can be exposed externally.
CVE-2026-4503 Vulnerability in langflow (CVE-2026-4503)
vulnerability in langflow (CVE-2026-4503). Confidential information can be exposed externally.
CVE-2026-4502 Path Traversal in langflow (CVE-2026-4502)
path traversal in langflow (CVE-2026-4502). Data can be tampered with by attackers.
CVE-2026-3340 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3340)
SSRF in ssrf (CVE-2026-3340). Risk of unauthorized operations or information disclosure.
CVE-2026-3346 SQL Injection in langflow (CVE-2026-3346)
SQL injection in langflow (CVE-2026-3346). Risk of unauthorized operations or information disclosure.
CVE-2026-34046 Vulnerability in langflow (CVE-2026-34046)
vulnerability in langflow (CVE-2026-34046). Successful exploitation can lead to full system takeover. Exploitable via ``_read_flow``.
CVE-2026-33017 KEV [KEV] Vulnerability in langflow (CVE-2026-33017)
vulnerability in langflow (CVE-2026-33017). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/build_public_tmp/{flow_id}/flow`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.0` or later.
CVE-2025-34291 KEV [KEV] Vulnerability in langflow (CVE-2025-34291)
vulnerability in langflow (CVE-2025-34291). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.7.0` or later.
CVE-2025-3248 KEV [KEV] Vulnerability in langflow (CVE-2025-3248)
vulnerability in langflow (CVE-2025-3248). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →