langflow
PyPI · 16 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting langflow (page 1 of 1)
- CVE-2024-37014 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.0.0a3 | 2024-06-10
vulnerable: 0.0.31 ... 1.0.0a2 (165 versions)
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
- CVE-2024-42835 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-10-31
vulnerable: 0.0.31 ... 1.0.9 (237 versions)
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
- CVE-2024-48061 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-04
vulnerable: 0.0.31 ... 1.0.9 (243 versions)
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) because any component can be supplied with arbitrary code, and components run on the local machine rather than in a sandbox.
- CVE-2024-9277 | LOW | CVSS 3.5 | EG 3.5 | 2024-09-27
vulnerable: 0.0.31 ... 1.0.9 (243 versions)
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. …
- CVE-2025-3248 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | ✓ Fixed in 1.3.0 | 2025-04-07
vulnerable: 0.0.31 ... 1.2.0 (253 versions)
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- CVE-2025-34291 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | ✓ Fixed in 1.7.0 | 2025-12-05
vulnerable: 0.0.31 ... 1.6.9 (276 versions)
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a re…
- CVE-2025-68477 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 1.7.1 | 2025-12-19
vulnerable: 0.0.31 ... 1.7.0 (277 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied UR…
- CVE-2025-68478 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 1.7.1 | 2025-12-19
vulnerable: 0.0.31 ... 1.7.0 (277 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrite…
- CVE-2026-21445 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 1.7.1 | 2026-01-02
vulnerable: 0.0.31 ... 1.7.0 (277 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to acce…
- CVE-2026-33017 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | 2026-03-20
vulnerable: 0.0.31 ... 1.8.2 (290 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the op…
- CVE-2026-33873 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 1.9.0 | 2026-03-27
vulnerable: 0.0.31 ... 1.8.4 (293 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears in…
- CVE-2026-34046 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.5.1 | 2026-03-27
vulnerable: 0.0.31 ... 1.5.0.post2 (265 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter …
- CVE-2026-42048 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 1.9.0 | 2026-05-12
vulnerable: 0.0.31 ... 1.8.4 (293 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledg…
- CVE-2026-6597 | LOW | CVSS 2.7 | EG 2.7 | 2026-04-20
vulnerable: 0.0.31 ... 1.8.3rc0 (292 versions)
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes un…
- CVE-2026-6598 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.9.1 | 2026-04-20
vulnerable: 0.0.31 ... 1.9.0 (294 versions)
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Cre…
- CVE-2026-6599 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-04-20
vulnerable: 0.0.31 ... 1.8.3rc0 (292 versions)
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Co…
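Three entries in the list above (CVE-2024-37014, CVE-2025-3248 and CVE-2026-33017, two of them flagged KEV) each name a specific API route that an unauthenticated client could drive to code execution. A quick retrospective check after patching is to sweep reverse-proxy access logs for requests to those routes. The detector below is an added example, not Langflow's or the scanner vendor's tooling: the route patterns are taken from the entry text on this page, the log lines are constructed in nginx combined format, and the internal network list is an assumption to be replaced with your own ranges.

```python
"""Sweep proxy access logs for the Langflow routes named in this page's RCE entries.

Added example, not Langflow or vendor tooling. Route patterns come from the
CVE-2024-37014, CVE-2025-3248 and CVE-2026-33017 descriptions; the log lines
and the internal network list are constructed for the demo.
"""
import ipaddress
import re
from typing import List, NamedTuple

# (method, path pattern, CVE) as described in the entries on this page.
WATCHLIST = [
    ("POST", re.compile(r"^/api/v1/custom_component/?$"), "CVE-2024-37014"),
    ("POST", re.compile(r"^/api/v1/validate/code/?$"), "CVE-2025-3248"),
    ("POST", re.compile(r"^/api/v1/build_public_tmp/[^/]+/flow/?$"), "CVE-2026-33017"),
]

# nginx "combined" format up to the status and size fields; the rest is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumption for the demo: address space that legitimately reaches the API.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


class Hit(NamedTuple):
    cve: str
    ip: str
    ts: str
    path: str
    status: int


def scan(lines: List[str]) -> List[Hit]:
    """Every request whose method and path match a watched route."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = m["target"].split("?", 1)[0]  # ignore the query string when matching
        for method, pattern, cve in WATCHLIST:
            if m["method"] == method and pattern.match(path):
                hits.append(Hit(cve, m["ip"], m["ts"], path, int(m["status"])))
    return hits


def triage(hits: List[Hit]) -> List[Hit]:
    """High-signal subset: the route answered (status < 400) to a non-internal client."""
    out = []
    for h in hits:
        try:
            addr = ipaddress.ip_address(h.ip)
        except ValueError:
            out.append(h)  # unparseable client address: keep it for a human
            continue
        if h.status < 400 and not any(addr in net for net in INTERNAL_NETS):
            out.append(h)
    return out


SAMPLE_LOG = [  # constructed lines, not real traffic
    '203.0.113.7 - - [07/Apr/2025:10:15:01 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '10.0.0.5 - - [07/Apr/2025:10:15:02 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Apr/2025:10:16:10 +0000] "POST /api/v1/build_public_tmp/2d8c7a1e-0000-4000-8000-000000000000/flow HTTP/1.1" 200 88 "-" "curl/8.4.0"',
    '10.0.0.5 - - [07/Apr/2025:10:16:11 +0000] "POST /api/v1/custom_component HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Apr/2025:10:16:12 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 500 0 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for h in triage(scan(SAMPLE_LOG)):
        print(f"{h.ts} {h.ip} {h.path} -> {h.status} ({h.cve})")
```

`scan` reports every hit so the full picture is available; `triage` keeps only successful responses to clients outside the ranges you trust, which is the subset worth pulling request bodies for. A 401 on a patched instance is expected noise, but a 2xx on one of these routes from an external address on an unpatched version deserves a proper incident, not a ticket.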
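The CORS combination named in the CVE-2025-34291 entry above (allow_origins='*' together with allow_credentials=True) is easy to find statically in any FastAPI/Starlette code base, including forks and deployments that wrap Langflow. The audit script below is an added example, not Langflow's own code: it walks Python source for `add_middleware(CORSMiddleware, ...)` calls and reports the wildcard-plus-credentials case. The two application snippets it scans are constructed to show the weak registration beside a corrected one, and `audit_cors`, `dangerous_lines` and `CorsFinding` are names this example introduces.

```python
"""Statically find the CORS misconfiguration described for CVE-2025-34291.

Added example, not Langflow's code: it walks Python source for
`<app>.add_middleware(CORSMiddleware, ...)` calls and reports any that
combine a wildcard origin with allow_credentials=True.
"""
import ast
from dataclasses import dataclass, field
from typing import List, Optional

NON_LITERAL = "<non-literal>"  # placeholder when an argument is an expression, not a constant


@dataclass
class CorsFinding:
    line: int
    origins: list = field(default_factory=list)
    allow_credentials: bool = False

    @property
    def dangerous(self) -> bool:
        # "*" plus credentials: any origin can send the victim's cookies and read the reply.
        return "*" in self.origins and self.allow_credentials


def _literal(node, default):
    """ast.literal_eval a keyword value, falling back to `default` for expressions."""
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError, SyntaxError):
        return default


def _class_name(node) -> Optional[str]:
    """Name of the middleware class whether written bare or as module.Attribute."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return None


def audit_cors(source: str) -> List[CorsFinding]:
    """Return one CorsFinding per CORSMiddleware registration in `source`."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr == "add_middleware"):
            continue
        if _class_name(node.args[0]) != "CORSMiddleware":
            continue
        kw = {k.arg: k.value for k in node.keywords if k.arg}
        origins = _literal(kw["allow_origins"], [NON_LITERAL]) if "allow_origins" in kw else []
        if isinstance(origins, str):
            origins = [origins]
        creds = _literal(kw["allow_credentials"], False) if "allow_credentials" in kw else False
        findings.append(CorsFinding(node.lineno, list(origins), bool(creds)))
    return findings


def dangerous_lines(source: str) -> List[int]:
    """Line numbers of registrations that hit the wildcard-plus-credentials combination."""
    return [f.line for f in audit_cors(source) if f.dangerous]


# Constructed sample: the weak registration that the CVE entry describes.
VULNERABLE_APP = '''
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
app = FastAPI()
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)
'''

# Constructed sample: an explicit origin allow-list; the hostname is made up.
HARDENED_APP = '''
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
app = FastAPI()
app.add_middleware(
    CORSMiddleware,
    allow_origins=["https://langflow.internal.example"],
    allow_credentials=True,
    allow_methods=["GET", "POST"],
    allow_headers=["Authorization", "Content-Type"],
)
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_APP), ("hardened", HARDENED_APP)):
        print(label, dangerous_lines(src))
```

Arguments that are not literals (an origins list pulled from settings, for instance) are recorded with the `<non-literal>` placeholder rather than judged, so review those by hand. The script flags the configuration precondition only; whether it is exploitable for the account takeover the entry describes also depends on the second weakness in that chain.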
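Two entries above, CVE-2025-68478 (a client-controlled `fs_path` deciding where a serialized flow is written) and CVE-2026-42048 (knowledge-base names reaching a filesystem DELETE), are the same bug class: a path built from request data without confinement to the directory the handler is supposed to touch. The helper below is an added example of the check a hardened handler wants, not Langflow's own fix; `confine`, `confine_name` and `run_demo` are this example's names, and the directory layout and attacker inputs are constructed in a temporary directory so it runs offline.

```python
"""Confine client-controlled names and paths to one directory.

Added example, not Langflow's fix, for the bug class behind the `fs_path`
write (CVE-2025-68478) and the knowledge-base DELETE traversal
(CVE-2026-42048). The scratch layout and attacker inputs are constructed.
"""
import os
import re
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """A client-supplied name or path would touch something outside the base directory."""


# A single identifier: no separators, no leading dot, bounded length.
_SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def confine(base: Path, untrusted: str) -> Path:
    """Resolve `untrusted` under `base`; reject absolute paths, `..`, and symlink escapes."""
    base = base.resolve()
    candidate = Path(untrusted)
    if candidate.is_absolute():
        raise UnsafePath(f"absolute path rejected: {untrusted!r}")
    try:
        target = (base / candidate).resolve()  # collapses .. and follows symlinks
    except (OSError, ValueError) as exc:       # e.g. embedded NUL, unreadable component
        raise UnsafePath(f"cannot resolve {untrusted!r}: {exc}") from None
    try:
        target.relative_to(base)
    except ValueError:
        raise UnsafePath(f"escapes base directory: {untrusted!r}") from None
    if target == base:
        raise UnsafePath("path resolves to the base directory itself")
    return target


def confine_name(base: Path, name: str) -> Path:
    """Stricter check for single identifiers such as a knowledge-base name."""
    if not _SEGMENT.fullmatch(name):
        raise UnsafePath(f"invalid name: {name!r}")
    target = confine(base, name)
    if target.parent != base.resolve():       # a symlink could still land one level deeper
        raise UnsafePath(f"not a direct child of base: {name!r}")
    return target


def classify(base: Path, untrusted: str, strict_name: bool = False) -> str:
    """'allowed' or 'rejected' for one input, for reporting and tests."""
    try:
        (confine_name if strict_name else confine)(base, untrusted)
        return "allowed"
    except UnsafePath:
        return "rejected"


def run_demo() -> dict:
    """Create a throwaway layout and classify constructed attacker inputs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "knowledge_bases"
        (base / "kb1").mkdir(parents=True)
        (root / "secret.txt").write_text("outside the base directory\n")
        results = {}
        # Knowledge-base style names: must be exactly one safe segment.
        for name in ("kb1", "../secret.txt", "kb1/../../secret.txt", "..", ".hidden", "a/b"):
            results[name] = classify(base, name, strict_name=True)
        try:  # symlink inside base that points out of it
            os.symlink(root / "secret.txt", base / "link-out")
            results["link-out"] = classify(base, "link-out", strict_name=True)
        except OSError:
            pass  # no symlink support on this platform; skip the case
        # fs_path style relative paths: nesting is fine, escaping is not.
        results["free:exports/flow.json"] = classify(base, "exports/flow.json")
        results["free:kb1/../../secret.txt"] = classify(base, "kb1/../../secret.txt")
        results["free:/etc/passwd"] = classify(base, "/etc/passwd")
        return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{v:8} {k}")
```

The design choice worth copying is the order of operations: resolve first (so `..` and symlinks are collapsed), then compare against the resolved base, then apply the stricter single-segment rule where the API only ever meant an identifier. Rejecting on string patterns alone misses symlink escapes; comparing paths without resolving misses `..`. For the `fs_path` case the better fix is not to accept a client path at all and derive the destination server-side, but where a relative path must be accepted, `confine` is the minimum check.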