Langflow Vulnerabilities
pip, LLM Frameworks
Risk Score: 77
Total CVEs: 41
Critical: 10
Ecosystem: pip
Last CVE: May 5, 2026
Patch Rate: 31%
Avg Time to Patch: 53d
148,283 stars
9,006 forks
916 issues
Last push May 17, 2026
Known Vulnerabilities (41 total, page 1 of 2)
Severity | CVE ID | Summary | CVSS | Published
CRITICAL | CVE-2026-42048 | Langflow: path traversal allows arbitrary directory deletion | 9.6 | May 5, 2026
MEDIUM | CVE-2026-7700 | Langflow: eval() code injection → remote code execution | 6.3 | May 3, 2026
MEDIUM | CVE-2026-7687 | Langflow: command injection in code parser enables RCE | 6.3 | May 3, 2026
HIGH | CVE-2026-6543 | Langflow: RCE exposes API keys and DB credentials | 8.8 | Apr 30, 2026
HIGH | CVE-2026-6542 | Langflow: IDOR exposes cross-tenant flow data and deletion | 8.1 | Apr 30, 2026
MEDIUM | CVE-2026-3345 | Langflow: path traversal allows arbitrary file read | 6.5 | Apr 30, 2026
HIGH | CVE-2026-4503 | Langflow Desktop: IDOR leaks user images unauthenticated | 7.5 | Apr 30, 2026
MEDIUM | CVE-2026-4502 | Langflow: path traversal enables arbitrary file write | 6.5 | Apr 30, 2026
MEDIUM | CVE-2026-3346 | Langflow Desktop: stored XSS enables credential theft | 6.4 | Apr 30, 2026
MEDIUM | CVE-2026-3340 | IBM Langflow: SSRF enables internal network enumeration | 6.5 | Apr 30, 2026
LOW | CVE-2026-6600 | Langflow: stored XSS in chat message editor | 3.5 | Apr 20, 2026
MEDIUM | CVE-2026-6599 | Langflow: MCP config injection via X-Forwarded-For header | 6.3 | Apr 20, 2026
MEDIUM | CVE-2026-6598 | Langflow: cleartext auth storage exposes API keys | 4.3 | Apr 20, 2026
LOW | CVE-2026-6597 | langflow: Plaintext credential storage via Flow API | 2.7 | Apr 20, 2026
HIGH | CVE-2026-6596 | Langflow: unauthenticated file upload allows RCE | 7.3 | Apr 20, 2026
HIGH | CVE-2026-3357 | Langflow: deserialization RCE via FAISS component default | 8.8 | Apr 8, 2026
UNKNOWN | CVE-2026-34046 | Langflow: IDOR exposes flows and plaintext API keys | -- | Mar 27, 2026
UNKNOWN | CVE-2026-33873 | Langflow: server-side RCE via LLM-generated code exec | -- | Mar 27, 2026
HIGH | CVE-2026-33497 | langflow: Path Traversal enables file access | 7.5 | Mar 24, 2026
HIGH | CVE-2026-33484 | langflow: Access Control bypass enables privilege escalation | 7.5 | Mar 24, 2026
CRITICAL | CVE-2026-33475 | langflow: security flaw enables exploitation | 9.1 | Mar 24, 2026
CRITICAL | CVE-2026-33309 | langflow: Path Traversal enables file access | 9.9 | Mar 24, 2026
HIGH | CVE-2026-33053 | langflow: IDOR enables unauthorized data access | 8.8 | Mar 20, 2026
CRITICAL | CVE-2026-33017 | langflow: Code Injection enables RCE | 9.8 | Mar 20, 2026
CRITICAL | CVE-2026-27966 | langflow: Code Injection enables RCE | 9.8 | Feb 26, 2026
Showing 1–25 of 41