2 matches found
GHSA-RVQX-WPFH-MFX7 Langflow Unauth RCE
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
PT-2025-15232
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.3.0 Description Langflow is susceptible to unauthenticated remote code execution RCE due to missing authentication in the HTTP Request Handler. A remote attacker can send crafted HTTP requests to the...