Langflow
AI Threat Alert tracks 19 known AI/ML vulnerabilities affecting Langflow products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Langflow CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-27966 | langflow: Code Injection enables RCE | langflow | 9.8 |
| HIGH | CVE-2026-33053 | langflow: IDOR enables unauthorized data access | langflow | 8.8 |
| CRITICAL | CVE-2024-37014 | Langflow: unauthenticated RCE via custom component API | langflow | 9.8 |
| HIGH | CVE-2024-7297 | Langflow: mass assignment grants super admin access | langflow | 8.8 |
| MEDIUM | CVE-2024-9277 | Langflow: ReDoS crashes LLM workflow backend via HTTP POST | langflow | 6.5 |
| CRITICAL | CVE-2024-42835 | Langflow: Unauthenticated RCE via PythonCodeTool | langflow | 9.8 |
| CRITICAL | CVE-2024-48061 | Langflow: RCE via unsandboxed code component execution | langflow | 9.8 |
| CRITICAL | CVE-2025-3248 | Langflow: Unauth RCE via code injection endpoint | langflow | 9.8 |
| HIGH | CVE-2025-57760 | Langflow: privilege escalation to full superuser via CLI | langflow | 8.8 |
| HIGH | CVE-2025-34291 | langflow: security flaw enables exploitation | langflow | 8.8 |
| MEDIUM | CVE-2025-68477 | langflow: SSRF allows internal network access | langflow | 6.5 |
| HIGH | CVE-2025-68478 | langflow: File Control enables path manipulation | langflow | 7.1 |
| CRITICAL | CVE-2026-21445 | langflow: Missing Auth allows unauthenticated access | langflow | 9.1 |
| UNKNOWN | CVE-2026-0768 | langflow: Code Injection enables RCE | langflow | - |
| UNKNOWN | CVE-2026-0769 | langflow: Code Injection enables RCE | langflow | - |
| HIGH | CVE-2026-0770 | langflow: security flaw enables exploitation | langflow | - |
| UNKNOWN | CVE-2026-0771 | langflow: Code Injection enables RCE | langflow | - |
| UNKNOWN | CVE-2026-0772 | langflow: Deserialization enables RCE | langflow | - |
| CRITICAL | CVE-2026-33475 | langflow: security flaw enables exploitation | langflow | 9.1 |
Frequently asked questions
How many known vulnerabilities affect Langflow?
19 AI/ML CVEs affecting Langflow products are tracked, sourced from NVD and GitHub Advisory.
What Langflow products are affected?
The CVEs below map to the Langflow AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Langflow vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Langflow for new vulnerabilities?
AI Threat Alert tracks Langflow continuously; a Pro subscription adds breaking alerts when new CVEs affecting Langflow are published.
How do I assess Langflow's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Langflow issues first and judge the exposure for your stack.