On 2026-06-16, OSV.dev published four security advisories covering critical vulnerabilities in Langflow, including an unauthenticated remote code execution (RCE) via Shareable Playgrounds (GHSA-v5ff-9q35-q26f), an arbitrary local or S3 file read through the same feature (GHSA-rcjh-r59h-gq37), a path traversal in the Knowledge Bases API (GHSA-79ph-745m-6wxq), and an IDOR/BOLA in the Monitor API affecting 7 endpoints (GHSA-9c59-2mvc-vfr8).
signal brief
These four issues (CVE-2026-42867, CVE-2026-33760, CVE-2026-48520, CVE-2026-48519) let an attacker execute arbitrary code, read files from local disk or S3, and read other users' data. IDOR/BOLA (insecure direct object reference / broken object level authorization) is the class in which an endpoint returns a record looked up by identifier without checking that the caller is authorized for that object; here it affects 7 Monitor API endpoints. The RCE and file-read issues require no authentication, so any Langflow instance reachable from an untrusted network can be fully compromised, together with the AI workflows, credentials and infrastructure it can reach. Langflow is under active development (dev releases 1.11.0.dev2 through .dev10 in the preceding week), but no patch for these CVEs has been noted in the latest dev release. The disclosure significantly undermines user trust and enterprise adoption prospects, especially given Langflow's positioning as a tool for building and deploying AI agents. Until the GHSA entries list fixed versions, users should keep Langflow off untrusted networks (behind a VPN or an authenticating reverse proxy), review any instance that was exposed, and re-check the advisories for a fixed version before relying on an upgrade.
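The advice to await fixes raises a practical question: how to tell whether the Langflow version you have pinned falls inside an advisory's affected range once OSV.dev lists one. The script below is an added example, not Langflow's or OSV.dev's code. Only the OSV.dev `/v1/query` endpoint and the OSV record layout (`affected[].ranges[].events` with `introduced`, `fixed` and `last_affected`) are real; `SAMPLE_RESPONSE` is constructed, its second advisory id and fixed version are hypothetical, and the version parser covers only the PEP 440 forms Langflow actually publishes (final releases, `.devN`, `rcN`).

```python
"""Offline check of a pinned Langflow version against OSV.dev advisory records.

Added example, not Langflow or OSV.dev project code. The query endpoint and
record layout are real; SAMPLE_RESPONSE below is constructed for the demo.
"""
import json
import re
import urllib.request

OSV_QUERY_URL = "https://api.osv.dev/v1/query"

# PEP 440 pre-release ordering: dev < alpha < beta < rc < final.
_PRE_ORDER = {"dev": 0, "a": 1, "b": 2, "rc": 3}
_FINAL = (9, 0)
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:\.?(dev|a|b|rc)(\d+))?")


def parse_version(text):
    """Minimal PEP 440 parser returning a tuple that sorts like pip would.

    Handles 1.10.0, 1.11.0.dev10 and 1.11.0rc1; not a full PEP 440
    implementation (no epochs, post- or local versions).
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while release and release[-1] == 0:       # 1.11.0 sorts equal to 1.11
        release.pop()
    pre = (_PRE_ORDER[m.group(2)], int(m.group(3))) if m.group(2) else _FINAL
    return tuple(release), pre


def version_in_range(version, osv_range):
    """Evaluate one OSV 'ranges' entry of type ECOSYSTEM for a version.

    'introduced' opens an affected interval, 'fixed' closes it exclusively,
    'last_affected' closes it inclusively; an unclosed interval is open-ended.
    """
    if osv_range.get("type") != "ECOSYSTEM":
        return False
    v = parse_version(version)
    intervals = []                            # [start, end, end_inclusive]
    for event in osv_range.get("events", []):
        if "introduced" in event:
            intervals.append([parse_version(event["introduced"]), None, False])
        elif "fixed" in event and intervals:
            intervals[-1][1:] = [parse_version(event["fixed"]), False]
        elif "last_affected" in event and intervals:
            intervals[-1][1:] = [parse_version(event["last_affected"]), True]
    for start, end, inclusive in intervals:
        if v < start:
            continue
        if end is None or v < end or (inclusive and v == end):
            return True
    return False


def affected_advisories(version, osv_response, package="langflow", ecosystem="PyPI"):
    """Return {advisory_id: aliases} for advisories whose ranges cover `version`."""
    hits = {}
    for vuln in osv_response.get("vulns", []):
        for affected in vuln.get("affected", []):
            pkg = affected.get("package", {})
            if pkg.get("name") != package or pkg.get("ecosystem") != ecosystem:
                continue
            if any(version_in_range(version, r) for r in affected.get("ranges", [])):
                hits[vuln["id"]] = vuln.get("aliases", [])
                break
    return hits


def build_query(package="langflow", ecosystem="PyPI", version=None):
    """Body for POST /v1/query; omit version to fetch every advisory for the
    package and evaluate the ranges locally (air-gapped or cached use)."""
    body = {"package": {"name": package, "ecosystem": ecosystem}}
    if version:
        body["version"] = version
    return body


def fetch_live(version=None):
    """Network call, not exercised offline: pulls the real advisory set."""
    req = urllib.request.Request(
        OSV_QUERY_URL, data=json.dumps(build_query(version=version)).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


# Constructed sample in the OSV record layout. The first entry reuses a real
# advisory id/alias from the brief with an open-ended range, mirroring "no
# patch noted"; the second id and its fixed version are hypothetical and exist
# only to exercise the 'fixed' boundary.
SAMPLE_RESPONSE = {
    "vulns": [
        {"id": "GHSA-v5ff-9q35-q26f", "aliases": ["CVE-2026-42867"],
         "affected": [{"package": {"ecosystem": "PyPI", "name": "langflow"},
                       "ranges": [{"type": "ECOSYSTEM",
                                   "events": [{"introduced": "0"}]}]}]},
        {"id": "GHSA-xxxx-hypothetical", "aliases": [],
         "affected": [{"package": {"ecosystem": "PyPI", "name": "langflow"},
                       "ranges": [{"type": "ECOSYSTEM",
                                   "events": [{"introduced": "1.0.0"},
                                              {"fixed": "1.5.0"}]}]}]},
    ]
}

if __name__ == "__main__":
    for pinned in ("1.2.0", "1.10.0", "1.11.0.dev10"):
        print(pinned, sorted(affected_advisories(pinned, SAMPLE_RESPONSE)))
```

Querying OSV.dev with a `version` field makes the service do the range evaluation; the local evaluation is for cached bulk data or air-gapped pipelines, and an open-ended `introduced: "0"` range, which is what the brief's "no patch noted" state corresponds to, flags every version including the latest dev release.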
evidence
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.