CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

CVE-2026-21445

Langflow CVE-2026-21445 affects the Langflow API prior to version 1.7.0.dev45, where three endpoints lack authentication: GET /api/v1/monitor/messages, GET /api/v1/monitor/transactions, and DELETE /api/v1/monitor/messages/session/{session_id}. The underlying issue is missing authentication depend...

CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

Langflow 访问控制错误漏洞

Langflow is a Langflow open source visualization framework for building multi-agent and RAG applications. An access control error vulnerability exists in Langflow versions prior to 1.7.0.dev45 that stems from a lack of authentication controls across multiple critical API endpoints, which could...

PT-2026-1123

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.0.dev45 Description Langflow, a tool for building and deploying AI-powered agents and workflows, has several critical API endpoints missing authentication controls. This allows any unauthenticated user to access...