CVE-2026-33017 critical 9.8
10.0
2mo ago
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
python
CVE-2025-34291 high 8.8
10.0
6mo ago
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with al…
python
CVE-2026-42048 critical 9.6
9.6
15d ago
Langflow Knowledge Bases API is Vulnerable to Path Traversal
python
CVE-2026-34046 high 8.8
8.8
2mo ago
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
python
CVE-2026-6599 medium 6.3
6.3
1mo ago
Langflow vulnerable to injection
python
CVE-2026-6598 medium 4.3
4.3
1mo ago
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint
python