Langflow

Langflow

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-33017

Warnung Medienbericht Exploit
  • EPSS 5.65%
  • Veröffentlicht 20.03.2026 04:52:52
  • Zuletzt bearbeitet 26.03.2026 13:26:16

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data...

9.8

CVE-2026-27966

Medienbericht Exploit
  • EPSS 0.19%
  • Veröffentlicht 26.02.2026 01:55:18
  • Zuletzt bearbeitet 28.02.2026 00:54:27

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`)....

7.5

CVE-2026-0772

  • EPSS 1.27%
  • Veröffentlicht 23.01.2026 03:29:01
  • Zuletzt bearbeitet 18.02.2026 19:05:00

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerab...

7.1

CVE-2026-0771

  • EPSS 0.14%
  • Veröffentlicht 23.01.2026 03:28:56
  • Zuletzt bearbeitet 18.02.2026 19:05:10

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the confi...

9.8

CVE-2026-0770

  • EPSS 11.86%
  • Veröffentlicht 23.01.2026 03:28:52
  • Zuletzt bearbeitet 18.02.2026 16:43:44

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not requ...

9.8

CVE-2026-0769

  • EPSS 1.41%
  • Veröffentlicht 23.01.2026 03:28:47
  • Zuletzt bearbeitet 18.02.2026 16:43:31

Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnera...

9.8

CVE-2026-0768

  • EPSS 1.87%
  • Veröffentlicht 23.01.2026 03:28:43
  • Zuletzt bearbeitet 18.02.2026 16:43:11

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific ...

9.1

CVE-2026-21445

Exploit
  • EPSS 6.97%
  • Veröffentlicht 02.01.2026 19:11:24
  • Zuletzt bearbeitet 16.01.2026 18:32:17

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitiv...

7.1

CVE-2025-68478

Exploit
  • EPSS 0.06%
  • Veröffentlicht 19.12.2025 17:10:14
  • Zuletzt bearbeitet 02.01.2026 16:20:53

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at...

6.5

CVE-2025-68477

Exploit
  • EPSS 0.03%
  • Veröffentlicht 19.12.2025 16:43:00
  • Zuletzt bearbeitet 02.01.2026 16:21:28

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs...