VIR Vulnerability Intelligence Relay

Package impact

python PyPI / langflow

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-33017 critical 9.8 10.0 2mo ago Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. python
CVE-2025-34291 high 8.8 10.0 6mo ago Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with al… python
CVE-2026-42048 critical 9.6 9.6 16d ago Langflow Knowledge Bases API is Vulnerable to Path Traversal python
CVE-2026-34046 high 8.8 8.8 2mo ago Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check python
CVE-2026-6599 medium 6.3 6.3 1mo ago Langflow vulnerable to injection python
CVE-2026-6598 medium 4.3 4.3 1mo ago Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint python
CVE-2026-6597 low 2.7 2.7 1mo ago A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flo… python