CVE
Severity
CVSS
Risk
Published
Description
Impact
CVE-2026-34046 high 8.8
8.8
2mo ago
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
python
CVE-2026-6596 high 7.3
7.3
1mo ago
Langflow: DoS Through Lack of File Size Restriction via Deprecated Unauthenticated File Upload API
python
CVE-2025-3248 unknown —
1.5
11mo ago
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
co…
python
CVE-2026-21445 unknown —
—
5mo ago
Langflow Missing Authentication on Critical API Endpoints
python
CVE-2025-57760 unknown —
—
9mo ago
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
python