VIR Vulnerability Intelligence Relay

Package impact

python PyPI / langflow

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-33017 critical 9.8 10.0 2mo ago Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. python
CVE-2025-34291 high 8.8 10.0 6mo ago Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with al… python
CVE-2026-42048 critical 9.6 9.6 15d ago Langflow Knowledge Bases API is Vulnerable to Path Traversal python
CVE-2026-34046 high 8.8 8.8 2mo ago Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check python
CVE-2026-6599 medium 6.3 6.3 1mo ago Langflow vulnerable to injection python
CVE-2026-6598 medium 4.3 4.3 1mo ago Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint python
CVE-2026-6597 low 2.7 2.7 1mo ago A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flo… python
CVE-2025-3248 unknown 1.5 11mo ago Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary co… python
CVE-2026-33873 unknown 2mo ago Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validati… python
CVE-2026-33497 unknown 2mo ago Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endp… python
CVE-2026-33484 unknown 2mo ago Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without an… python
CVE-2026-33309 unknown 2mo ago Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to t… python
CVE-2026-33053 unknown 2mo ago Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with… python
CVE-2026-27966 unknown 3mo ago Langflow has Remote Code Execution in CSV Agent python
CVE-2026-0770 unknown 4mo ago Langflow affected by Remote Code Execution via validate_code() exec() python
CVE-2026-21445 unknown 5mo ago Langflow Missing Authentication on Critical API Endpoints python
CVE-2025-68478 unknown 5mo ago Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flo… python
CVE-2025-68477 unknown 5mo ago Langflow vulnerable to Server-Side Request Forgery python
CVE-2025-57760 unknown 9mo ago Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) python
CVE-2024-48061 unknown 2y ago Langflow vulnerable to remote code execution python
CVE-2024-42835 unknown 2y ago langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. python
CVE-2024-9277 unknown 2y ago Inefficient Regular Expression Complexity in langflow python
CVE-2024-37014 unknown 2y ago Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. python