Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting langflow.
- CVE-2026-10129SSRF via HTTP Redirect Following in Langflow API Request Component8.5
- CVE-2026-10134Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows10.0
- CVE-2026-10140Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem9.6
- CVE-2026-10546DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component7.1
- CVE-2026-10560Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS8.2
- CVE-2026-10564SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection8.2
- CVE-2026-7663Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass9.1
- CVE-2026-7803Flow Validation Bypass via Empty Component Type Field9.8
- CVE-2026-7871Insecure Deserialization in Redis Cache Backend9.8
- CVE-2026-7873Code Injection Vulnerability in Code Validation Endpoint9.9
- CVE-2026-7874Weak Cryptographic Key Derivation Exposed All Stored Credentials9.1
- CVE-2026-48520Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read6.1
- CVE-2026-33760Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints8.8
- CVE-2026-42867Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint6.5
- CVE-2026-55255Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow9.9