Lucene search
K

68 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 8:14 p.m.4 views

Security Bulletin: Weak Cryptographic Key Derivation Exposed All Stored Credentials

Summary A critical vulnerability in the credential encryption system allowed attackers to decrypt all stored API keys, database passwords, and OAuth tokens. The system used Python's non-cryptographic Mersenne Twister PRNG seeded with the SECRETKEY to derive Fernet encryption keys for credentials...

9.1CVSS5.8AI score0.00164EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS0.00411EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:28 p.m.5 views

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

9.9CVSS6AI score0.00467EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/23 4:28 p.m.5 views

CVE-2026-55255 Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

8.4CVSS6.2AI score0.00467EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:21 p.m.3 views

CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS5.9AI score0.00411EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/06/22 2:16 p.m.13 views

CVE-2026-10561

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...

10CVSS0.00502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS4.9AI score0.00152EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/22 5:47 a.m.19 views

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below -...

9.4CVSS8.1AI score0.7889EPSS
Exploits3
CISA
CISA
added 2026/05/21 12:0 p.m.13 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-34291link is external Langflow Origin Validation Error Vulnerability CVE-2026-34926link is external Trend Micro Apex One On-Premise Directory Traversal...

9.4CVSS7.4AI score0.7889EPSS
In wildExploits3References7
Vulnrichment
Vulnrichment
added 2026/05/03 2:15 p.m.7 views

CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

6.5CVSS6.3AI score0.00291EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 3:0 a.m.21 views

CVE-2026-6599

The CVE-2026-6599 entry concerns langflow-ai langflow (up to v1.8.3) with a flaw in the Model Context Protocol Configuration API. The affected element is the file src/backend/base/langflow/api/v1/mcp_projects.py, specifically the install_mcp_config function (and mention of get_client_ip). Manipul...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References4
Veracode
Veracode
added 2026/03/28 5:32 a.m.21 views

Arbitrary Code Injection

Langflow is vulnerable to Arbitrary Code Injection. The vulnerability is due to the validation process dynamically executing LLM‑generated Python code via exec, where the validation routine runs the generated code and an attacker who can influence the model output can achieve arbitrary server‑sid...

9.9CVSS6.1AI score0.01426EPSS
Exploits1References17Affected Software1
CVE
CVE
added 2026/03/27 8:6 p.m.17 views

CVE-2026-34046

Summary : CVE-2026-34046 affects Langflow prior to 1.5.1, where the _read_flow) path could bypass ownership checks when AUTO_LOGIN was false, allowing any authenticated user to read, modify, or delete flows owned by others, potentially exposing embedded plaintext API keys. Affected component : La...

8.8CVSS5.9AI score0.00406EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/03/20 7:16 a.m.7 views

CVE-2026-33053

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the deleteapikeyroute endpoint accepts an apikeyid path parameter and deletes it with only a generic authentication check getcurrentactiveuser dependency. However, the deleteapikey CRUD...

8.8CVSS0.0039EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/08 10:7 a.m.154 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Langflow

Langflow Exploit Tool - CVE-2026-0770 📋 Table of Contents...

9.8CVSS5.9AI score0.10371EPSS
Exploits8
EUVD
EUVD
added 2026/02/27 3:47 p.m.6 views

EUVD-2026-8819

Langflow has Remote Code Execution in CSV Agent...

9.8CVSS6AI score0.33694EPSS
Exploits4References3
NVD
NVD
added 2026/02/26 2:16 a.m.13 views

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

9.8CVSS0.33694EPSS
Exploits4References2
Cvelist
Cvelist
added 2026/02/26 1:55 a.m.32 views

CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

9.8CVSS0.33694EPSS
Exploits4References2
OSV
OSV
added 2026/02/26 1:55 a.m.13 views

CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

9.8CVSS6.3AI score0.33694EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.18 views

PT-2026-22107

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.8.0 Description Langflow is a tool for building and deploying AI-powered agents and workflows. In the CSV Agent node, the variable allow dangerous code is hardcoded to True, which automatically exposes LangChain's...

9.8CVSS8AI score0.33694EPSS
Exploits4References27
Rows per page
Query Builder