CVE-2026-21445

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

CVE-2026-21445

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

CVE-2026-21445

CVE-2026-21445 (Langflow) : Multiple critical API endpoints expose data and allow destructive actions due to missing authentication controls. Affected endpoints include GET /api/v1/monitor/messages, GET /api/v1/monitor/transactions, and DELETE /api/v1/monitor/messages/session/{session_id}. Eviden...

CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

PT-2026-1123

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.0.dev45 Description Langflow, a tool for building and deploying AI-powered agents and workflows, has several critical API endpoints missing authentication controls. This allows any unauthenticated user to access...

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

A new set of malicious packages has been unearthed in the Python Package Index PyPI repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust...