
6 matches found

NVD
added 2026/06/23 5:17 p.m. | 8 views

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in the /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

CVSS 9.9 | EPSS 0.00233
Exploits: 2 | References: 2
IBM Security Bulletins
added 2026/06/21 3:51 p.m. | 3 views

Security Bulletin: Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS

Summary: Langflow OSS POST /api/v1/webhook/flowid executes any user's flow without authentication by default. The WEBHOOKAUTHENABLE setting defaults to False in the auth configuration. When it is False, the webhook handler calls getuserbyflowidorendpointname and trusts the caller unconditionally with no credential chec...

CVSS 9.8 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | Affected Software: 1
CVE
added 2026/06/11 2:41 p.m. | 27 views

CVE-2026-7787

CVE-2026-7787 affects Langflow OSS versions 1.0.0–1.9.1. A session ID namespace bypass in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows unauthenticated attackers to read or modify chat history by overriding the session_id used during flow execution when a PUBLIC flow includes a...

CVSS 8.1 | AI score 5.4 | EPSS 0.00248
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/06/11 2:41 p.m. | 9 views

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

CVSS 7.5 | AI score 5.5 | EPSS 0.00248
Exploits: 0 | References: 1
Cvelist
added 2026/06/11 2:41 p.m. | 32 views

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

CVSS 7.5 | EPSS 0.00248
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-0596

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.03558
Exploits: 0 | References: 4