CVE-2026-6596

LangFlow (langflow-ai) up to version 1.1.0 has a vulnerability in the API endpoint, specifically in create_upload_file (src/backend/base/Langflow/api/v1/endpoints.py). The flaw allows unrestricted file uploads and can be exploited remotely. Exploitation is supported by public disclosures; multipl...

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...