← signals
2026-07-19·LANGFLOW·security risk
highdown

Multiple security advisories published via the OSV database (sourced from GitHub Security Advisories and NVD) reveal...

Multiple security advisories published via the OSV database (sourced from GitHub Security Advisories and NVD) reveal that Langflow, a popular low-code platform for building AI agents, has been affected by at least 15 distinct vulnerabilities since June 2026.

window 45devidence 27confidence score 100

confidence score

Strong evidence: 3 independent source classes support this read.

100
high confidence3 independent source classesotherpasses publish gate

signal brief

Multiple security advisories published via the OSV database (sourced from GitHub Security Advisories and NVD) reveal that Langflow, a popular low-code platform for building AI agents, has been affected by at least 15 distinct vulnerabilities since June 2026. These include remote code execution (RCE) via BaseFileComponent nodes (CVE-2026-55447) and the validate_code() function (CVE-2026-0770), unauthenticated denial-of-service via multipart form boundary (CVE-2026-55446), insecure direct object references (IDOR) in the /api/v1/responses endpoint (CVE-2026-55255) and the monitor API (CVE-2026-33760), path traversal in knowledge bases (CVE-2026-42867), server-side request forgery (CVE-2025-68477), and cleartext storage of authentication settings (CVE-2026-6598). Many of these vulnerabilities allow an authenticated or even unauthenticated attacker to read, modify, or delete flows, execute arbitrary code, or cause service disruption. The most severe issues affect versions prior to 1.9.2 and 1.10.0. The breadth and severity of these flaws raise significant concerns about Langflow's security posture, potentially eroding developer and enterprise trust in the platform and driving users to alternative AI orchestration tools. For an AI-infra market perspective, this could slow adoption of Langflow in production AI workloads, affecting its position in the developer tooling ecosystem.

What the sources said

  • CVE-2026-55447 (RCE via BaseFileComponent): "Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit"
  • CVE-2026-55255 (IDOR in /api/v1/responses): "Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID."
  • CVE-2026-55446 (Unauthenticated DoS): "Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication... to make the langflow app unusable for all users for an indefinite amount of time."
  • CVE-2026-33760 (IDOR in monitor API): "Any authenticated user can read, modify, rename, or permanently delete another user's data by supplying the target's resource ID or flow_id."

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.