Between June 16 and June 29, 2026, Langflow disclosed a series of critical vulnerabilities (CVE-2026-42867,...
Between June 16 and June 29, 2026, Langflow disclosed a series of critical vulnerabilities (CVE-2026-42867, CVE-2026-55423, CVE-2026-33760, CVE-2026-55447, CVE-2026-55255, CVE-2026-55446, CVE-2026-48520, CVE-2026-48519, CVE-2026-55450, and others) via OSV advisories.
confidence score
Strong evidence: 2 independent source classes support this read.
signal brief
Between June 16 and June 29, 2026, Langflow disclosed a series of critical vulnerabilities (CVE-2026-42867, CVE-2026-55423, CVE-2026-33760, CVE-2026-55447, CVE-2026-55255, CVE-2026-55446, CVE-2026-48520, CVE-2026-48519, CVE-2026-55450, and others) via OSV advisories. These include unauthenticated remote code execution (RCE) in Shareable Playgrounds (source 16), path traversal in Knowledge Bases API (source 2 and source 19), IDOR/BOLA vulnerabilities in monitor and responses endpoints (source 4, source 6), arbitrary file read through public flows (source 8), and denial-of-service via unauthenticated file upload (source 10). The vulnerabilities affect versions prior to patches released in 1.7.0, 1.9.0, 1.9.1, 1.9.2, 1.10.0, etc. A new dev release 1.11.0.dev33 (source 1) suggests ongoing development, but the volume and severity of CVEs erode trust. Enterprise users may delay adoption until security posture is proven.
What the sources said:
- Source 16: "Prior to 1.9.2, the 'Shareable Playground' ... contains a critical RCE vulnerability."
- Source 4: "Langflow's /api/v1/monitor router exposes 7 endpoints ... without verifying that the authenticated requester owns the targeted resource."
- Source 10: "Prior to 1.9.1, unauthenticated users can upload any amount of data ... without any limitations."
- Source 2: "Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint."
source data used
“A Python package with a built-in web application”
“Aliases: CVE-2026-42867 Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint”
“Aliases: CVE-2026-55423, PYSEC-2026-222 Langflow: Logout button does not clear session”
“Aliases: CVE-2026-33760, PYSEC-2026-242 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints”
“Aliases: CVE-2026-55447, PYSEC-2026-378 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit”
“Aliases: CVE-2026-55255, PYSEC-2026-221 Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow”
“Aliases: CVE-2026-55446, PYSEC-2026-223 Langflow: Unauthenticated DoS through multipart form boundary file upload”
“Aliases: CVE-2026-48520, PYSEC-2026-244 Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read”
“Aliases: CVE-2026-48519, PYSEC-2026-243 Langflow: Unauthenticated RCE in Shareable Playgrounds”
“Aliases: CVE-2026-55450, PYSEC-2026-224 Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak”
“Aliases: CVE-2026-55255, GHSA-qrpv-q767-xqq2 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow...”
“Aliases: CVE-2026-55423, GHSA-7hw8-6q6r-4276 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly...”
“Aliases: CVE-2026-55446, GHSA-qwqc-p3q8-wcg9 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form...”
“Aliases: CVE-2026-55450, GHSA-x223-p2gf-v735 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any...”
“Aliases: CVE-2026-33760, GHSA-9c59-2mvc-vfr8 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages,...”
“Aliases: CVE-2026-48519, GHSA-v5ff-9q35-q26f Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by...”
“Aliases: CVE-2026-48520, GHSA-rcjh-r59h-gq37 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnerability, depending on the exact...”
“Aliases: CVE-2026-27966, GHSA-3645-fxcv-hqr4 Langflow has Remote Code Execution in CSV Agent”
“Aliases: CVE-2026-42048, GHSA-9whx-c884-c68q Langflow Knowledge Bases API is Vulnerable to Path Traversal”
“Aliases: CVE-2026-55447, GHSA-ccv6-r384-xp75 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit”
“Aliases: CVE-2026-33017, GHSA-vwmf-pq79-vjvx Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.