AI Threat Alert

Langflow Vulnerabilities

pip LLM Frameworks
77
Risk Score
41
Total CVEs
10
Critical
pip
Ecosystem
May 5, 2026
Last CVE
31%
Patch Rate
53d
Avg Time to Patch
148,283 stars 9,006 forks 916 issues Last push May 17, 2026
View on GitHub

Known Vulnerabilities (41 total, page 2 of 2)

Severity CVE ID Summary CVSS Published
UNKNOWN CVE-2026-0772 langflow: Deserialization enables RCE -- Jan 23, 2026 UNKNOWN CVE-2026-0771 langflow: Code Injection enables RCE -- Jan 23, 2026 HIGH CVE-2026-0770 langflow: security flaw enables exploitation -- Jan 23, 2026 UNKNOWN CVE-2026-0769 langflow: Code Injection enables RCE -- Jan 23, 2026 UNKNOWN CVE-2026-0768 langflow: Code Injection enables RCE -- Jan 23, 2026 CRITICAL CVE-2026-21445 langflow: Missing Auth allows unauthenticated access 9.1 Jan 2, 2026 HIGH CVE-2025-68478 langflow: File Control enables path manipulation 7.1 Dec 19, 2025 MEDIUM CVE-2025-68477 langflow: SSRF allows internal network access 6.5 Dec 19, 2025 HIGH CVE-2025-34291 langflow: security flaw enables exploitation 8.8 Dec 5, 2025 HIGH CVE-2025-57760 Langflow: privilege escalation to full superuser via CLI 8.8 Aug 25, 2025 CRITICAL CVE-2025-3248 Langflow: Unauth RCE via code injection endpoint 9.8 Apr 7, 2025 CRITICAL CVE-2024-48061 Langflow: RCE via unsandboxed code component execution 9.8 Nov 4, 2024 CRITICAL CVE-2024-42835 Langflow: Unauthenticated RCE via PythonCodeTool 9.8 Oct 31, 2024 MEDIUM CVE-2024-9277 Langflow: ReDoS crashes LLM workflow backend via HTTP POST 6.5 Sep 27, 2024 HIGH CVE-2024-7297 Langflow: mass assignment grants super admin access 8.8 Jul 30, 2024 CRITICAL CVE-2024-37014 Langflow: unauthenticated RCE via custom component API 9.8 Jun 10, 2024

Showing 26–41 of 41

← Previous

Monitor Langflow in your stack

Get instant alerts when new vulnerabilities affect Langflow. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring