801 matches found
Langflow code issues and vulnerabilities
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has code-related vulnerabilities; these vulnerabilities stem from the lack of validation for data provided by the disk caching service, which may lead to the...
Langflow code injection vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which arises from the possibility of introducing custom code when handling Python function components. This vulnerability may lead t...
(0Day) Langflow code Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code parameter provided to the validate endpoint. The issue results from th...
PT-2026-2001
Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow related to the handling of Python function components, potentially allowing remote attackers to execute arbitrary code on affected systems. An attacker may be able ...
PT-2026-1998
Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient...
(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exists within the handling of Python function components. Depending upon product...
PT-2026-2000
Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code. Authentication is not required for exploitation. The issue stems from the inclusion of functionality from an...
(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk cache service. The issue results from the lack of proper validation of user-supplied data,...
(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the execglobals parameter provided to the validate endpoint. The issue results...
PT-2026-2002
Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in the disk cache service of Langflow that allows remote attackers to execute arbitrary code on affected installations. Authentication is required for exploitation. The issue...
PT-2026-1999
Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code. This does not require authentication. The issue is due to insufficient validation of user-supplied input...
(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of evalcustomcomponentcode function. The issue results from the lack of prop...
Improper Authentication
Langflow is vulnerable to Improper Authentication. The vulnerability is due to missing authentication and authorization checks on critical API endpoints, which allows an unauthenticated attacker to access sensitive user data and perform unauthorized destructive operations...
CVE-2026-21445
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...
GHSA-C5CP-VX83-JHQX Langflow Missing Authentication on Critical API Endpoints
Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal dat...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function on the critical API endpoints messages, transactions, and session, handling sensitive user data and system operations. An unauthenticated attacker can access confidential conversation data an...
Langflow Missing Authentication on Critical API Endpoints
Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal dat...
CVE-2026-21445
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...
CVE-2026-21445
CVE-2026-21445 (Langflow) : Multiple critical API endpoints expose data and allow destructive actions due to missing authentication controls. Affected endpoints include GET /api/v1/monitor/messages, GET /api/v1/monitor/transactions, and DELETE /api/v1/monitor/messages/session/{session_id}. Eviden...
CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...