Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.26 views

PT-2026-51099

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function in src/backend/base/langflow/helpers/flow.py...

8.4CVSS6.3AI score0.0056EPSS
Exploits2References59
Vulnrichment
Vulnrichment
added 2026/03/27 8:6 p.m.2 views

CVE-2026-34046 Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enable...

8.7CVSS5.9AI score0.00468EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 8:6 p.m.4 views

CVE-2026-34046 Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enable...

8.7CVSS5.9AI score0.00468EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 7:36 p.m.4 views

GHSA-8C4J-F57C-35CF Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Vulnerability IDOR in GET/PATCH/DELETE /api/v1/flow/flowid The readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enabled, neither branch enforced an ownership chec...

8.7CVSS5.9AI score0.00468EPSS
Exploits0References4
Snyk
Snyk
added 2024/11/01 6:34 a.m.2 views

Missing Authorization

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Missing Authorization due to improper authorization checks to verify flow ownership in uploadfile function in files.py file. To exploit this vulnerability, an attacker need...

5.4CVSS7.2AI score
Exploits0References3
Rows per page
Query Builder