Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Vulnerability IDOR in GET/PATCH/DELETE /api/v1/flow/flowid The readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enabled, neither branch enforced an ownership chec...

PT-2026-28597

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.5.1 Description Langflow is a tool for building and deploying AI-powered agents and workflows. A flaw exists in the read flow helper within src/backend/base/langflow/api/v1/flows.py. The code branched on the AUTO...

CVE-2023-53511 io_uring: fix fget leak when fs don't support nowait buffered read

In the Linux kernel, the following vulnerability has been resolved: iouring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using iouring doing link-cp on ocfs2. 1 Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile...