137 matches found
CVE-2026-9103
CVE-2026-9103 affects Langflow OSS 1.0.0–1.10.0. The root cause is improper authentication in the /api/v1/login/auto_login endpoint, which issues long‑lived superuser tokens when AUTO_LOGIN is enabled (default). Combined with permissive CORS, this can expose tokens to unintended origins and enabl...
EUVD-2026-45258
IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/autologin endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTOLOGIN configuration is enabl...
CVE-2026-9103 Unauthenticated Superuser Token Issuance via Auto-Login Endpoint
IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/autologin endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTOLOGIN configuration is enabl...
CVE-2026-9198
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...
EUVD-2026-45236
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...
CVE-2026-9198
IBM Langflow OSS versions 1.0.0–1.10.0 are affected by CVE-2026-9198: unauthenticated attackers chain /api/v1/auto_login (issues superuser tokens) with /api/v1/validate/code (exec() of user code) to achieve full RCE on default deployments. The root cause is the combination of an open auto-login e...
CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...
CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...
EUVD-2026-45235
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEWUSERISACTIVE=true documented deployment option, newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need...
PT-2026-60834
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW USER IS ACTIVE=true documented deployment option, newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the ne...
EUVD-2026-44876
The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is...
Security Bulletin: Unauthenticated Superuser Token Issuance via Auto-Login Endpoint
Summary An unauthenticated endpoint in the login API allowed any network-reachable attacker to obtain a 365-day superuser bearer token without requiring any credentials. The /api/v1/login/autologin endpoint issued tokens when the AUTOLOGIN configuration defaulted to True, enabling complete...
GHSA-MCH8-WF3H-6X88 Admidio writes session IDs and auto-login cookie values to application logs
Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...
Admidio writes session IDs and auto-login cookie values to application logs
Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...
PT-2026-45044
Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...
Exploit for Code Injection in Langflow
CVE-2026-33017 — Langflow Unauthenticated Remote Code Executio...
PT-2026-41428
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
EUVD-2026-30255
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwarsaverecipe AJAX handler. This makes it possible for unauthenticated...
Exploit for CVE-2026-33017
CVE-2026-33017-Langflow-RCE-PoC The vulnerability in Langflow...
Exploit for CVE-2026-0770
CVE-2026-0770 - Langflow Remote Code Execution Summary La...