Lucene search
K

5 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-10560

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

9.1CVSS0.00252EPSS
Exploits0References1
OSV
OSV
added 3 days ago5 views

PYSEC-2026-379 Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS6.8AI score0.98412EPSS
Exploits17References14
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.27 views

Langflow < 1.9.0 - Remote Code Execution

Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...

9.8CVSS6.7AI score0.98412EPSS
Exploits17References3
NVD
NVD
added 2026/03/20 5:16 a.m.10 views

CVE-2026-33017

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.8CVSS0.98412EPSS
Exploits17References7
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.5 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a security vulnerability. This vulnerability stems from the /api/v1/buildpublictmp/flowid/flow endpoint, which accepts process data...

9.8CVSS6.4AI score0.98412EPSS
Exploits17References5
Rows per page
Query Builder