PT-2026-51099

Name of the Vulnerable Software and Affected Versions langflow versions prior to 1.9.1 Description An Insecure Direct Object Reference IDOR exists in the '/api/v1/responses' endpoint. This issue allows an authenticated attacker to execute any flow belonging to another user by specifying the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: Do not pass flowid to setrpscpu. The responsible commit made the assumption that the RPS table for each receive queue would have the same size and would not change. When computing flowid in setrpscpu, do not assume that...

SUSE CVE-2026-43208

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

Linux Distros Unpatched Vulnerability : CVE-2026-43208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table fo...

EUVD-2026-27771

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

CVE-2026-43208

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

CVE-2026-43208 net: do not pass flow_id to set_rps_cpu()

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

CVE-2026-43208

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

CVE-2026-43208

The CVE-2026-43208 entry describes a Linux kernel networking vulnerability where an incorrect assumption about the Receive Packet Steering (RPS) table size/immutability leads to out-of-bounds access when computing the flow_id in set_rps_cpu(). The fix requires computing flow_id within set_rps_cpu...

CVE-2026-6542 Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...

CVE-2026-6542 Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the downloadimage endpoint. An attacker can access and download image files belonging to any flow by knowing or guessing the flow ID and file name. Remediation There is no fixed version for langflow-base...

CVE-2026-5022 Langflow - Missing Authorization on download_image Endpoint

The '/api/v1/files/images/flowid/filename' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing or guessing the flow ID and file name...

CVE-2026-33484

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

Improper Input Validation

flowise is vulnerable to improper input validation. The vulnerability is due to missing validation of chatflowId and chatId parameters, which allows an attacker to access arbitrary files through improper handling of file upload operations...

CVE-2025-1840

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be launched...

CVE-2025-0795

A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...