| CVE-2026-33017 | critical | 9.8 | 10.0 | | | | 3mo ago | Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. |
| CVE-2025-34291 | high | 8.8 | 10.0 | | | | 6mo ago | Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage… |
| CVE-2026-42048 | critical | 9.6 | 9.6 | | | | 23d ago | Langflow Knowledge Bases API is Vulnerable to Path Traversal |
| CVE-2026-34046 | high | 8.8 | 8.8 | | | | 2mo ago | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check |
| CVE-2025-3248 | unknown | — | 2.5 | | | | 1y ago | Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. |