7 matches found
Exploit for Cross-site Scripting in B3Log Siyuan
CVE-2026-33017 — Langflow Unauthenticated RCE Nuclei Template...
Langflow < 1.9.0 RCE (GHSA-vwmf-pq79-vjvx)
The version of Langflow installed on the remote host is prior to 1.9.0. It is, therefore, affected by a remote code execution vulnerability: - The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is...
Unauthenticated Remote Code Execution In Langflow Via Public Flow Build Endpoint
Summary The "POST /api/v1/buildpublictmp/flowid/flow" endpoint allows building public flows without requiring authentication. When the optional "data" parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored...
CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...
CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...
PT-2026-25992
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow contains a flaw in the 'POST /api/v1/build public tmp/flow id/flow' endpoint that allows unauthenticated remote code execution. The endpoint is designed to build public flows without...