26 matches found
CVE-2026-14499
CVE-2026-14499 affects Langflow OSS 1.0.0–1.10.1. An authenticated user could execute arbitrary commands with elevated privileges due to improper validation of user-supplied input in the Python Interpreter component, resulting in OS command injection (CWE-78). IBM’s bulletin assigns CVSS v3.1 bas...
CVE-2026-7872 Path Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authentication Bypass
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user...
EUVD-2026-45282
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user...
PT-2026-60834
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW USER IS ACTIVE=true documented deployment option, newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the ne...
Security Bulletin: Path Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authentication Bypass
Summary A path traversal vulnerability existed in the File component's tar archive extraction functionality. An authenticated user could upload a specially crafted tar archive containing symbolic links to read arbitrary files accessible to the application process. The vulnerability allowed an...
Security Bulletin: MCP Server Configuration Validator Bypass via File Upload API
Summary A validation bypass vulnerability existed in the File Manager API that could allow an authenticated attacker to upload malicious MCP server configurations. The file upload endpoint accepted mcpservers.json files without invoking the MCPServerConfig validator, while the structured MCP API...
Security Bulletin: Unauthenticated User Registration Could Lead to Remote Code Execution
Summary An attacker could create accounts on an exposed instance without authentication through the user registration API. If an operator had configured newly created accounts to be active immediately, the attacker could then log in as that new user and reach code-execution functionality, which...
Security Bulletin: Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation
Summary A vulnerability allowed unauthenticated attackers to achieve remote code execution on default-configured instances. The vulnerability combined two distinct issues: an unauthenticated endpoint that issued superuser bearer tokens to any network caller, and a code validation endpoint that...
Security Bulletin: Arbitrary Code Execution in Python Interpreter Component
Summary A vulnerability in the Python Interpreter component allowed authenticated users to execute arbitrary Python code and escalate privileges to superuser level. An attacker with valid credentials could bypass security controls through the PythonREPLComponent, directly access the database, and...
Security Bulletin: Path Traversal in APIRequest Component via Content-Disposition Header
Summary A path traversal vulnerability existed in the APIRequest component when the "Save to File" feature was enabled. The component extracted filenames from server-controlled Content-Disposition headers without proper sanitization, allowing an attacker-controlled HTTP response to write files to...
CVE-2026-7871 Insecure Deserialization in Redis Cache Backend
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...
Security Bulletin: Code Injection Vulnerability in Code Validation Endpoint
Summary A code injection vulnerability was identified in the code validation endpoint that allowed authenticated users to execute arbitrary code on the server. The vulnerability existed in the validation logic which compiled and executed function definitions to check for import errors. Attackers...
CVE-2026-10561 Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection
IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...
Security Bulletin: upload filename directly from the multipart Content-Disposition header without sanitization
Summary Langflow OSS 1.2.0 - 1.8.4 are affected by a critical arbitrary file write vulnerability in the files endpoint due to improper handling of uploaded filenames. The application extracts the filename directly from the multipart Content-Disposition header without sanitization and uses unsafe...
CVE-2026-7787
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
CVE-2026-7787
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
Security Bulletin: Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0
Summary Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in...
Security Bulletin: Langflow OSS affected by vulnerabilies in Lodash versions 4.17.23 and earlier
Summary Langflow OSS affected by vulnerabilies in Lodash versions 4.17.23 and earlier Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...
CVE-2026-7528
IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...