Package impact
PyPI / langflow-base
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34046 | high | 8.8 | 8.8 | | | | 2mo ago | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check |
| CVE-2026-6596 | high | 7.3 | 7.3 | | | | 2mo ago | Langflow: DoS Through Lack of File Size Restriction via Deprecated Unauthenticated File Upload API |
| CVE-2025-3248 | unknown | — | 2.5 | | | | 1y ago | Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. |
| CVE-2026-21445 | unknown | — | — | | | | 5mo ago | Langflow Missing Authentication on Critical API Endpoints |
| CVE-2025-57760 | unknown | — | — | | | | 9mo ago | Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) |