Lucene search
K

801 matches found

CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

Langflow code issues and vulnerabilities

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has code-related vulnerabilities; these vulnerabilities stem from the lack of validation for data provided by the disk caching service, which may lead to the...

7.5CVSS7.5AI score0.00897EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.9 views

Langflow code injection vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which arises from the possibility of introducing custom code when handling Python function components. This vulnerability may lead t...

7.1CVSS7.4AI score0.00551EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.5 views

(0Day) Langflow code Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code parameter provided to the validate endpoint. The issue results from th...

9.8CVSS7.6AI score0.02035EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.7 views

PT-2026-2001

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow related to the handling of Python function components, potentially allowing remote attackers to execute arbitrary code on affected systems. An attacker may be able ...

7.1CVSS7.6AI score0.00551EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.7 views

PT-2026-1998

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient...

9.8CVSS9AI score0.02035EPSS
Exploits1References2
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.5 views

(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exists within the handling of Python function components. Depending upon product...

7.1CVSS7.6AI score0.00551EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.3 views

PT-2026-2000

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code. Authentication is not required for exploitation. The issue stems from the inclusion of functionality from an...

9.8CVSS9AI score0.10371EPSS
Exploits8References20
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.6 views

(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk cache service. The issue results from the lack of proper validation of user-supplied data,...

7.5CVSS7.7AI score0.00897EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.9 views

(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the execglobals parameter provided to the validate endpoint. The issue results...

9.8CVSS7.6AI score0.10371EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.11 views

PT-2026-2002

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in the disk cache service of Langflow that allows remote attackers to execute arbitrary code on affected installations. Authentication is required for exploitation. The issue...

7.5CVSS8.1AI score0.00897EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.6 views

PT-2026-1999

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code. This does not require authentication. The issue is due to insufficient validation of user-supplied input...

9.8CVSS9AI score0.33827EPSS
Exploits1References2
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.9 views

(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of evalcustomcomponentcode function. The issue results from the lack of prop...

9.8CVSS7.6AI score0.33827EPSS
Exploits1
Veracode
Veracode
added 2026/01/07 5:7 a.m.9 views

Improper Authentication

Langflow is vulnerable to Improper Authentication. The vulnerability is due to missing authentication and authorization checks on critical API endpoints, which allows an unauthenticated attacker to access sensitive user data and perform unauthorized destructive operations...

9.3CVSS7.2AI score0.20655EPSS
Exploits1References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/03 7:53 p.m.7 views

CVE-2026-21445

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS7.1AI score0.20655EPSS
Exploits1References1
OSV
OSV
added 2026/01/02 9:11 p.m.10 views

GHSA-C5CP-VX83-JHQX Langflow Missing Authentication on Critical API Endpoints

Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal dat...

9.3CVSS7.2AI score0.20655EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/02 9:11 p.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function on the critical API endpoints messages, transactions, and session, handling sensitive user data and system operations. An unauthenticated attacker can access confidential conversation data an...

9.3CVSS5.9AI score0.20655EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/01/02 9:11 p.m.13 views

Langflow Missing Authentication on Critical API Endpoints

Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal dat...

9.3CVSS7.3AI score0.20655EPSS
Exploits1References5Affected Software2
NVD
NVD
added 2026/01/02 8:16 p.m.8 views

CVE-2026-21445

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS0.20655EPSS
Exploits1References2
CVE
CVE
added 2026/01/02 7:11 p.m.46 views

CVE-2026-21445

CVE-2026-21445 (Langflow) : Multiple critical API endpoints expose data and allow destructive actions due to missing authentication controls. Affected endpoints include GET /api/v1/monitor/messages, GET /api/v1/monitor/transactions, and DELETE /api/v1/monitor/messages/session/{session_id}. Eviden...

9.3CVSS6.7AI score0.20655EPSS
In wildExploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/02 7:11 p.m.114 views

CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS0.20655EPSS
Exploits1References2
Rows per page
Query Builder