signal brief
Langflow, a popular open-source platform for building and deploying AI agents and workflows, has disclosed a series of critical security vulnerabilities between June 16 and June 29, 2026, as recorded in multiple OSV advisories. The vulnerabilities include:
- CVE-2026-48519 (GHSA-v5ff-9q35-q26f): Unauthenticated Remote Code Execution through the Shareable Playground feature, allowing arbitrary code execution on the server.
- CVE-2026-48520 (GHSA-rcjh-r59h-gq37): Arbitrary file read via Shareable Playground, exposing local or S3 files.
- CVE-2026-42867 (GHSA-79ph-745m-6wxq): Path traversal in the Knowledge Bases API.
- CVE-2026-55423 (GHSA-7hw8-6q6r-4276): Session not cleared on logout.
- CVE-2026-33760 (GHSA-9c59-2mvc-vfr8): IDOR/BOLA on Monitor API endpoints.
- CVE-2026-55447 (GHSA-ccv6-r384-xp75): Arbitrary file read with RCE via BaseFileComponent.
- CVE-2026-55255 (GHSA-qrpv-q767-xqq2): IDOR in /api/v1/responses.
- CVE-2026-55446 (GHSA-qwqc-p3q8-wcg9): Unauthenticated DoS via multipart boundary.
- CVE-2026-55450 (GHSA-x223-p2gf-v735): Unauthenticated file upload leading to DoS and information leak.
- CVE-2026-27966, CVE-2026-42048, CVE-2026-33017: additional RCE and path traversal vulnerabilities.
These vulnerabilities, many critical, affect multiple versions prior to 1.9.2, 1.10.0, or 1.9.1. The breadth of issues — particularly unauthenticated RCE — severely undermines trust in the platform. Users and enterprises relying on Langflow for production AI workflows face immediate risk of data exposure, system compromise, and service disruption. The rapid disclosure of 10+ CVEs in two weeks suggests a systemic security review gap. While patches are available, the damage to Langflow's reputation may slow adoption and lead existing users to seek alternatives. This event signals a significant trust and security risk for the Langflow ecosystem.
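To turn the fixed versions named above into a concrete check, here is an added example (not Langflow's or OSV's own code) that evaluates OSV-schema affected ranges for the langflow PyPI package against an installed version. The advisory records are constructed samples: the IDs are placeholders and the pairing of an ID with a fixed version is illustrative only; the parse_version helper and SAMPLE_ADVISORIES list are assumptions of this example.

```python
import re

def adv(adv_id, introduced, fixed):
    return {"id": adv_id, "affected": [{"package": {"ecosystem": "PyPI", "name": "langflow"},
            "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": introduced}, {"fixed": fixed}]}]}]}

# Constructed OSV-shaped samples: placeholder IDs and the fixed versions the brief names.
# Which real advisory carries which fixed version is NOT asserted here; pull the real records.
SAMPLE_ADVISORIES = [adv("GHSA-EXAMPLE-0001", "0", "1.9.2"),
                     adv("GHSA-EXAMPLE-0002", "1.9.0", "1.10.0"),
                     adv("GHSA-EXAMPLE-0003", "0", "1.9.1")]

def parse_version(v):
    """Comparable key for '1.9.2' or '1.10.0rc1'. Assumption: numeric releases with
    an optional pre-release tag, which sorts before the matching final release."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]+\d*)?", v.strip())
    if not m:
        raise ValueError(f"unsupported version: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:   # treat 1.9.0 and 1.9 as equal
        nums.pop()
    return (tuple(nums), 0, m.group(2)) if m.group(2) else (tuple(nums), 1, "")

def in_ecosystem_range(version, events):
    """Walk an OSV ECOSYSTEM range's ascending events: 'introduced' opens a span,
    'fixed' closes it exclusively, 'last_affected' inclusively; '0' = first release."""
    v, affected = parse_version(version), False
    for ev in events:
        (kind, bound), = ev.items()
        b = parse_version(bound)
        if kind == "introduced" and b <= v:
            affected = True
        elif kind == "fixed" and b <= v:
            affected = False
        elif kind == "last_affected" and b < v:
            affected = False
    return affected

def version_is_affected(version, advisory, name="langflow"):
    """True if a PyPI ECOSYSTEM range for `name` in this advisory covers `version`."""
    for aff in advisory.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("ecosystem") == "PyPI" and pkg.get("name") == name and any(
                r.get("type") == "ECOSYSTEM" and in_ecosystem_range(version, r["events"])
                for r in aff.get("ranges", [])):
            return True
    return False

def matching_advisories(version, advisories=SAMPLE_ADVISORIES):
    return [a["id"] for a in advisories if version_is_affected(version, a)]
```

To check a real deployment, replace the samples with the JSON records behind the OSV links in the evidence list and pass the version reported by `pip show langflow`.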
evidence
- https://pypi.org/project/langflow/
- https://osv.dev/vulnerability/GHSA-79ph-745m-6wxq
- https://osv.dev/vulnerability/GHSA-7hw8-6q6r-4276
- https://osv.dev/vulnerability/GHSA-9c59-2mvc-vfr8
- https://osv.dev/vulnerability/GHSA-ccv6-r384-xp75
- https://osv.dev/vulnerability/GHSA-qrpv-q767-xqq2
- https://osv.dev/vulnerability/GHSA-qwqc-p3q8-wcg9
- https://osv.dev/vulnerability/GHSA-rcjh-r59h-gq37
- https://osv.dev/vulnerability/GHSA-v5ff-9q35-q26f
- https://osv.dev/vulnerability/GHSA-x223-p2gf-v735
- https://osv.dev/vulnerability/PYSEC-2026-221
- https://osv.dev/vulnerability/PYSEC-2026-222
- https://osv.dev/vulnerability/PYSEC-2026-223
- https://osv.dev/vulnerability/PYSEC-2026-224
- https://osv.dev/vulnerability/PYSEC-2026-242
- https://osv.dev/vulnerability/PYSEC-2026-243
- https://osv.dev/vulnerability/PYSEC-2026-244
- https://osv.dev/vulnerability/PYSEC-2026-376
- https://osv.dev/vulnerability/PYSEC-2026-377
- https://osv.dev/vulnerability/PYSEC-2026-378
- https://osv.dev/vulnerability/PYSEC-2026-379