langflow

Top products

The 15 most recently published vulnerabilities affecting langflow.

• CVE-2026-3341IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services5.4Jun 11, 2026
• CVE-2026-7787Unauthenticated Session History Access via Public Flow Execution7.5Jun 11, 2026
• CVE-2026-7528Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS7.1May 27, 2026
• CVE-2026-7524Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution9.8May 27, 2026
• CVE-2026-42048Langflow: Path Traversal in Langflow Knowledge Bases API9.6May 12, 2026
• CVE-2026-6542Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id6.5Apr 30, 2026
• CVE-2026-6543Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint8.8Apr 30, 2026
• CVE-2026-3345Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint6.5Apr 30, 2026
• CVE-2026-3346Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw6.4Apr 30, 2026
• CVE-2026-3340Server-Side Request Forgery (SSRF) in Langflow URL Component6.5Apr 30, 2026
• CVE-2026-4502Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API6.5Apr 30, 2026
• CVE-2026-4503Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint7.5Apr 30, 2026
• CVE-2026-3357IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file8.8Apr 8, 2026
• CVE-2026-34046Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check8.8Mar 27, 2026
• CVE-2026-33873Langflow has Authenticated Code Execution in Agentic Assistant Validation9.9Mar 27, 2026