Lucene search
K

368638 matches found

CVE
CVE
added 4 days ago7 views

CVE-2026-7667

The CVE-2026-7667 entry is supported by IBM's security bulletin for Langflow OSS, which describes a path traversal vulnerability in the API Request component’s response handling. An authenticated attacker can induce a victim using save_to_file=True to fetch a crafted Content-Disposition header fr...

Exploits0
CVE
CVE
added 4 days ago9 views

CVE-2026-7754

CVE-2026-7754 affects Langflow OSS 1.0.0–1.10.0. SSRF protection could be disabled via default settings (ssrf_protection_enabled) allowing server-side requests to arbitrary URLs, including cloud metadata endpoints. The issue is fixed in Langflow OSS by upgrading to version 1.10.1; current default...

Exploits0
CVE
CVE
added 4 days ago10 views

CVE-2026-9202

Langflow OSS is affected: unauthenticated attackers can create unlimited user accounts on vulnerable instances. If NEW_USER_IS_ACTIVE is enabled, new accounts become active immediately and can access RCE endpoints, potentially achieving remote code execution with server privileges. Affected versi...

Exploits0
CVE
CVE
added 4 days ago10 views

CVE-2026-12946

CVE-2026-12946 is associated with IBM’s security bulletin describing a remote code execution vulnerability in the CUGA component CodeAgent used by Langflow OSS. An authenticated user could run arbitrary commands on the server when a flow using CodeAgent is created and executed, via the Python cod...

Exploits0
CVE
CVE
added 4 days ago12 views

CVE-2026-9198

CVE-2026-9198: IBM security bulletin describes Langflow OSS 1.0.0–1.10.0 as vulnerable to unauthenticated remote code execution by chaining /api/v1/auto_login (mints superuser tokens) with /api/v1/validate/code (executes code). Root cause CWE-94: improper code generation/validation. Impact: full ...

Exploits0
CVE
CVE
added 4 days ago12 views

CVE-2026-9103

Langflow OSS versions 1.0.0–1.10.0 are affected by CVE-2026-9103 due to an unauthenticated /api/v1/login/auto_login endpoint that issues long‑lived 365‑day superuser tokens when AUTO_LOGIN is enabled (default). This also combines with permissive CORS, risking token exposure. Upgrading to Langflow...

Exploits0
CVE
CVE
added 4 days ago8 views

CVE-2026-52731

Technical details for CVE-2026-52731 are not publicly available in the provided documents. Monitor for updates.

Exploits0References5
CVE
CVE
added 4 days ago11 views

CVE-2026-8635

CVE-2026-8635 is linked to IBM’s Security Bulletin about a vulnerability in the Python Interpreter component of Langflow OSS. The issue allows authenticated users to execute arbitrary code and escalate to superuser level by manipulating the database and bypassing sandboxing/validation, potentiall...

Exploits0
CVE
CVE
added 4 days ago14 views

CVE-2026-8859

CVE-2026-8859 relates to a path traversal vulnerability in Langflow OSS (versions 1.0.0–1.10.0) within the APIRequest component’s “Save to File” feature. Filenames parsed from server-controlled Content-Disposition headers were not sanitized before joining with a temporary directory path, allowing...

Exploits0
CVE
CVE
added 4 days ago9 views

CVE-2026-8481

CVE-2026-8481 : A remote code execution vulnerability exists in Langflow OSS (versions 1.0.0–1.10.0) via the code validation API endpoint. The endpoint POST /api/v1/validate/code executes user-supplied Python code with exec() without sandboxing, input validation, or privilege restrictions, allowi...

Exploits0
CVE
CVE
added 4 days ago10 views

CVE-2026-8476

The IBM bulletin confirms CVE-2026-8476 affects Langflow OSS (versions 1.0.0–1.10.0) via unsafe pickle deserialization in the AsyncDiskCache, enabling remote code execution with the server process privileges. Mitigation: upgrade Langflow OSS to 1.10.1; no workaround is listed.

Exploits0
CVE
CVE
added 4 days ago10 views

CVE-2026-8505

CVE-2026-8505 is a vulnerability in Langflow OSS (versions 1.0.0–1.10.0) where webhook authentication can be bypassed. The issue arises when WEBHOOK_AUTH_ENABLE is set to False (default), allowing unauthenticated users who know a flow UUID to execute that flow, potentially causing Remote Code Exe...

Exploits0
CVE
CVE
added 4 days ago11 views

CVE-2026-49255

Technical details for CVE-2026-49255 are not publicly available in the provided documents. Monitor for updates.

0.00072EPSS
Exploits0References5
CVE
CVE
added 4 days ago11 views

CVE-2026-49254

Technical details for CVE-2026-49254 are not publicly available in the provided documents. Monitor for updates.

Exploits0References5
CVE
CVE
added 4 days ago8 views

CVE-2026-49253

Technical details for CVE-2026-49253 are not publicly available in the provided documents. Monitor for updates.

0.00034EPSS
Exploits0References5
CVE
CVE
added 4 days ago9 views

CVE-2026-49250

Technical details for CVE-2026-49250 are not publicly available in the provided documents. Monitor for updates and future disclosures.

Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-12944

CVE-2026-12944 is a vulnerability in Langflow OSS (versions 1.0.0–1.10.0) where attacker-supplied components containing socket or urllib imports can trigger server-side arbitrary Python code execution with root privileges on the Langflow server. The underlying issue arises from an incomplete secu...

Exploits0
CVE
CVE
added 4 days ago10 views

CVE-2026-49852

Technical details for CVE-2026-49852 are not publicly available in the provided documents. This CVE entry remains reserved; monitor for updates as information is released.

Exploits0References11
CVE
CVE
added 4 days ago7 views

CVE-2026-49245

Technical details for CVE-2026-49245 are not publicly available in the provided documents. Monitor for updates.

0.00028EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-49244

Technical details are not publicly available in the provided documents for CVE-2026-49244; this CVE entry is reserved placeholder. Monitor for updates.

0.00057EPSS
Exploits0References4
Rows per page
Query Builder