62 matches found

RedhatCVE
added yesterday | 4 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

CVSS 5.3 | AI score 4.9 | EPSS 0.00014
Exploits: 0 | References: 1

The Hacker News
added 2026/05/22 5:47 a.m. | 11 views

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below -...

CVSS 9.4 | AI score 8.1 | EPSS 0.32746
Exploits: 3

CISA
added 2026/05/21 12:00 p.m. | 7 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-34291 Langflow Origin Validation Error Vulnerability; CVE-2026-34926 Trend Micro Apex One On-Premise Directory Traversal...

CVSS 9.4 | AI score 7.4 | EPSS 0.32746
In wild | Exploits: 3 | References: 7

Vulnrichment
added 2026/05/03 2:15 p.m. | 4 views

CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

CVSS 6.5 | AI score 6.3 | EPSS 0.00017
Exploits: 0 | References: 4

CVE
added 2026/04/20 3:00 a.m. | 10 views

CVE-2026-6599

The CVE-2026-6599 entry concerns langflow-ai langflow (up to v1.8.3) with a flaw in the Model Context Protocol Configuration API. The affected element is the file src/backend/base/langflow/api/v1/mcp_projects.py, specifically the install_mcp_config function (and mention of get_client_ip). Manipul...

CVSS 6.5 | AI score 6.3 | EPSS 0.00053
Exploits: 0 | References: 4

Veracode
added 2026/03/28 5:32 a.m. | 7 views

Arbitrary Code Injection

Langflow is vulnerable to Arbitrary Code Injection. The vulnerability is due to the validation process dynamically executing LLM‑generated Python code via exec, where the validation routine runs the generated code and an attacker who can influence the model output can achieve arbitrary server‑sid...

CVSS 9.9 | AI score 6.1 | EPSS 0.00065
Exploits: 1 | References: 17 | Affected Software: 1

CVE
added 2026/03/27 8:06 p.m. | 5 views

CVE-2026-34046

Summary: CVE-2026-34046 affects Langflow prior to 1.5.1, where the _read_flow) path could bypass ownership checks when AUTO_LOGIN was false, allowing any authenticated user to read, modify, or delete flows owned by others, potentially exposing embedded plaintext API keys. Affected component: La...

CVSS 8.8 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 2 | Affected Software: 2

NVD
added 2026/03/20 7:16 a.m. | 3 views

CVE-2026-33053

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the deleteapikeyroute endpoint accepts an apikeyid path parameter and deletes it with only a generic authentication check getcurrentactiveuser dependency. However, the deleteapikey CRUD...

CVSS 8.8 | EPSS 0.00057
Exploits: 0 | References: 1

GithubExploit
added 2026/03/08 10:07 a.m. | 118 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Langflow

Langflow Exploit Tool - CVE-2026-0770 📋 Table of Contents...

CVSS 9.8 | AI score 5.9 | EPSS 0.14653
Exploits: 8

EUVD
added 2026/02/27 3:47 p.m. | 3 views

EUVD-2026-8819

Langflow has Remote Code Execution in CSV Agent...

CVSS 9.8 | AI score 6 | EPSS 0.41016
Exploits: 3 | References: 3

NVD
added 2026/02/26 2:16 a.m. | 7 views

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python an...

CVSS 9.8 | EPSS 0.41016
Exploits: 3 | References: 2

Cvelist
added 2026/02/26 1:55 a.m. | 23 views

CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python an...

CVSS 9.8 | EPSS 0.41016
Exploits: 3 | References: 2

OSV
added 2026/02/26 1:55 a.m. | 6 views

CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python an...

CVSS 9.8 | AI score 6.3 | EPSS 0.41016
Exploits: 3 | References: 4

Positive Technologies
added 2026/02/26 12:00 a.m. | 7 views

PT-2026-22107

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.8.0. Description: Langflow, a tool for building and deploying AI-powered agents and workflows, contains a flaw in the CSV Agent node. Prior to version 1.8.0, the allow dangerous code parameter is hardcoded to True,...

CVSS 9.8 | AI score 6.7 | EPSS 0.41016
Exploits: 3 | References: 24

Snyk
added 2026/01/23 5:08 a.m. | 3 views

Arbitrary Code Injection

Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by introducing custom Python code into a workflow. Remediati...

CVSS 7.5 | AI score 7.4 | EPSS 0.00239
Exploits: 1 | References: 2

NVD
added 2026/01/23 4:16 a.m. | 3 views

CVE-2026-0771

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

CVSS 7.1 | EPSS 0.00239
Exploits: 1 | References: 1

OSV
added 2026/01/23 4:16 a.m. | 4 views

CVE-2026-0772

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/23 3:28 a.m. | 3 views

CVE-2026-0769

Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 9.8 | AI score 6.3 | EPSS 0.02949
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/01/23 3:28 a.m. | 4 views

CVE-2026-0768 Langflow code Code Injection Remote Code Execution Vulnerability

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

CVSS 9.8 | AI score 6.5 | EPSS 0.0973
Exploits: 1 | References: 1

VulnCheck KEV
added 2026/01/23 12:00 a.m. | 10 views

VulnCheck KEV: CVE-2025-34291

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicio...

CVSS 9.4 | AI score 6.4 | EPSS 0.32746
In wild | Exploits: 3 | References: 3