Lucene search
K

801 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.8 views

Langflow < 1.9.0 RCE (GHSA-vwmf-pq79-vjvx)

The version of Langflow installed on the remote host is prior to 1.9.0. It is, therefore, affected by a remote code execution vulnerability: - The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is...

9.8CVSS6.8AI score0.98191EPSS
Exploits20References2
CISA
CISA
added 2026/03/25 12:0 p.m.9 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33017link is external Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

9.8CVSS5.9AI score0.98191EPSS
In wildExploits20References6
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/25 12:0 a.m.11 views

Langflow Code Injection Vulnerability

Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication...

9.8CVSS6.1AI score0.98191EPSS
In wildExploits20
Snyk
Snyk
added 2026/03/24 2:34 p.m.2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Amendment This was deemed not a vulnerability. Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized interpolatio...

9.3CVSS6AI score0.02956EPSS
Exploits1References2
OSV
OSV
added 2026/03/24 2:16 p.m.11 views

PYSEC-2026-81

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

7.5CVSS5.8AI score0.08847EPSS
Exploits1References1
PyPA
PyPA
added 2026/03/24 2:16 p.m.13 views

PYSEC-2026-81

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.08847EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/24 2:16 p.m.6 views

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS0.08847EPSS
Exploits1References1
PyPA
PyPA
added 2026/03/24 2:16 p.m.12 views

PYSEC-2026-80

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5CVSS5.8AI score0.05838EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/24 2:16 p.m.8 views

CVE-2026-33484

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5CVSS0.05838EPSS
Exploits1References1
OSV
OSV
added 2026/03/24 2:16 p.m.10 views

PYSEC-2026-80

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5CVSS5.8AI score0.05838EPSS
Exploits1References1
NVD
NVD
added 2026/03/24 1:16 p.m.4 views

CVE-2026-33475

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS0.02956EPSS
Exploits1References1
NVD
NVD
added 2026/03/24 1:16 p.m.6 views

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

9.9CVSS0.01417EPSS
Exploits1References1
PyPA
PyPA
added 2026/03/24 1:16 p.m.16 views

PYSEC-2026-79

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

9.9CVSS5.9AI score0.03631EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2026/03/24 1:16 p.m.8 views

PYSEC-2026-79

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

9.9CVSS5.9AI score0.01417EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/24 1:14 p.m.4 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.08847EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/24 1:14 p.m.31 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS0.08847EPSS
Exploits1References1
CVE
CVE
added 2026/03/24 1:14 p.m.19 views

CVE-2026-33497

Langflow contains a directory-traversal vulnerability in the /profile_pictures/{folder_name}/{file_name} endpoint (download_profile_picture) where folder_name and file_name are not strictly filtered. This allows an attacker to read files outside the intended directory, including the application’s...

8.7CVSS5.8AI score0.08847EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 1:14 p.m.3 views

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.08847EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/24 1:14 p.m.4 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.08847EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/24 12:57 p.m.6 views

CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5CVSS5.8AI score0.05838EPSS
Exploits1References1
Rows per page
Query Builder