CVE-2026-48519

Langflow CVE-2026-48519 exposes unauthenticated RCE via the Shareable Playground. Affected: Langflow prior to 1.9.2. Vulnerable route: /api/v1/build_public_tmp permits executing any public flow; payloads can inject arbitrary Python code into data.nodes[X].data.node.template.code.value. Impact is ...

Langflow: Unauthenticated RCE in Shareable Playgrounds

Summary The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe Details Shareable Playground feature works by enabling the...

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

CVE-2026-7787

CVE-2026-7787 affects Langflow OSS versions 1.0.0–1.9.1. A session ID namespace bypass in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows unauthenticated attackers to read or modify chat history by overriding the session_id used during flow execution when a PUBLIC flow includes a...

Security Bulletin: Unauthenticated Session History Access via Public Flow Execution

Summary A session ID namespace bypass vulnerability existed in Langflow OSS' POST /api/v1/buildpublictmp/flowid/flow endpoint that allowed unauthenticated attackers to access chat history from other users' sessions. The endpoint accepted an inputs.session parameter that could override the session...

Exploit for Cross-site Scripting in B3Log Siyuan

CVE-2026-33017 — Langflow Unauthenticated RCE Nuclei Template...

Langflow < 1.9.0 RCE (GHSA-vwmf-pq79-vjvx)

The version of Langflow installed on the remote host is prior to 1.9.0. It is, therefore, affected by a remote code execution vulnerability: - The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is...

Exploit for CVE-2026-33017

CVE-2026-33017-Langflow-RCE-PoC The vulnerability in Langflow...

Unauthenticated Remote Code Execution In Langflow Via Public Flow Build Endpoint

Summary The "POST /api/v1/buildpublictmp/flowid/flow" endpoint allows building public flows without requiring authentication. When the optional "data" parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored...

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 CVSS score: 9.3, is a case of missing...

CVE-2026-33017

Langflow CVE-2026-33017 describes unauthenticated remote code execution via the public build endpoint /api/v1/build_public_tmp/{flow_id}/flow on versions before 1.9.0. Attackers can supply attacker-controlled flow data containing arbitrary Python code; the flow build path passes this data into th...

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

GHSA-VWMF-PQ79-VJVX Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

PT-2026-25992

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow is a visual framework used to build and deploy AI-powered agents and workflows. A critical issue exists in the "POST /api/v1/build public tmp/flow id/flow" endpoint, which is designed to...