CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 3 hours ago•3 views

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

9.9CVSS

NVD•added 3 hours ago•4 views

CVE-2026-54301

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central...

7CVSS0.00034EPSS

CVE-2026-54304

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

7.1CVSS0.00034EPSS

NVD•added 3 hours ago•3 views

CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.00038EPSS

CVE-2026-49465

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

6CVSS0.00034EPSS

CVE-2026-44791

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This...

9.4CVSS0.00046EPSS

CVE-2026-44790

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leadi...

9.4CVSS0.00043EPSS

CVE-2026-42867

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without...

6.5CVSS0.00056EPSS

CVE•added 3 hours ago•12 views

CVE-2026-54014

Open WebUI (open-webui/open-webui) before version 0.9.6 is affected by a sibling-prefix path traversal in the cache file endpoint. The vulnerability stems from serve_cache_file() validating the absolute path with file_path.startswith(os.path.abspath(CACHE_DIR)) without appending a trailing path s...

4.3CVSS5.9AI score0.00038EPSS

Cvelist•added 3 hours ago•3 views

CVE-2026-54016 Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no...

4.3CVSS0.00022EPSS

Cvelist•added 4 hours ago•3 views

CVE-2026-42867 Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint

6.5CVSS0.00056EPSS

CVE•added 4 hours ago•12 views

CVE-2026-42867

CVE-2026-42867 – Langflow exposed path traversal via the Knowledge Bases API (POST /api/v1/knowledge_bases). The root cause is that user-supplied base names are concatenated into file paths without proper containment checks, allowing an authenticated attacker to create directories and write files...

6.5CVSS5.9AI score0.00056EPSS

CVE•added 4 hours ago•17 views

CVE-2026-55255

Langflow4: CVE-2026-55255 describes an IDOR in POST /api/v1/responses that lets an authenticated user execute another user’s flow by supplying the victim’s flow ID. Root cause: get_flow_by_id_or_endpoint_name queries by UUID without verifying ownership in both UUID and endpoint_name paths, enabli...

9.9CVSS5.9AI score

EUVD•added 4 hours ago•3 views

EUVD-2026-38517

9.9CVSS5.9AI score

Cvelist•added 4 hours ago•6 views

CVE-2026-55255 Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow

9.9CVSS

NVD•added 4 hours ago•5 views

CVE-2026-54313

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5CVSS0.00038EPSS

NVD•added 4 hours ago•7 views

CVE-2026-54310

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...

6.5CVSS0.00038EPSS