Langflow
This hub aggregates every CVE we track for Langflow, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 43
- Critical: 15
- High: 16
- In CISA KEV: 3
Severity distribution
- HIGH: 16
- CRITICAL: 15
- MEDIUM: 9
- LOW: 3
Monthly trend
2024-07 to 2026-06: 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 3, 6, 1, 12, 7, 5, 2
Latest CVEs
The 15 most recently published vulnerabilities affecting Langflow.
- CVE-2026-12822: langflow-ai langflow Bundle URL Loader code injection (score 5.3)
- CVE-2026-7787: Unauthenticated Session History Access via Public Flow Execution (score 7.5)
- CVE-2026-7528: Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS (score 7.1)
- CVE-2026-7524: Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution (score 9.8)
- CVE-2026-42048: Langflow: Path Traversal in Langflow Knowledge Bases API (score 9.6)
- CVE-2026-7700: langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection (score 6.3)
- CVE-2026-7687: langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection (score 6.3)
- CVE-2026-6542: Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id (score 6.5)
- CVE-2026-6600: langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting (score 3.5)
- CVE-2026-6599: langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection (score 6.3)
- CVE-2026-6598: langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file (score 4.3)
- CVE-2026-6597: langflow-ai langflow Flow Using API core.py has_api_terms credentials storage (score 2.7)
- CVE-2026-6596: langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload (score 7.3)
- CVE-2026-3357: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file (score 8.8)
- CVE-2026-34046: Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check (score 8.8)
Product normalization is registry-driven with AI assist and human review.