Langflow, an open-source platform for building AI agents and workflows, has suffered a cascade of security...
Langflow, an open-source platform for building AI agents and workflows, has suffered a cascade of security vulnerabilities in June-July 2026, including multiple Remote Code Execution (RCE), Insecure Direct Object Reference (IDOR), path traversal, and denial-of-service flaws.
confidence score
Strong evidence: 3 independent source classes support this read.
signal brief
Langflow, an open-source platform for building AI agents and workflows, has suffered a cascade of security vulnerabilities in June-July 2026, including multiple Remote Code Execution (RCE), Insecure Direct Object Reference (IDOR), path traversal, and denial-of-service flaws. The most severe allow unauthenticated attackers to execute arbitrary code on Langflow servers. CISA added CVE-2026-55255, an authorization bypass, to its Known Exploited Vulnerabilities catalog on July 7, 2026, requiring federal agencies to remediate by July 10, 2026. Additional advisories from OSV and GitHub detail RCE in Shareable Playgrounds (CVE-2026-48519), unauthenticated file read (CVE-2026-48520), IDOR in Monitor API (CVE-2026-33760), session logout failure (CVE-2026-55423), and more. The breadth and severity of these issues erode trust in Langflow for production use. Developers and enterprises using Langflow must urgently patch to versions 1.10.0 or later, or consider alternative orchestration tools. The CISA mandate signals heightened government scrutiny and potential customer churn.
What the sources said:
- CISA KEV entry: "Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user..."
- GHSA-v5ff-9q35-q26f: "Prior to 1.9.2, the 'Shareable Playground' contains a critical RCE vulnerability... executing any public flow with arbitrary custom Python code."
- GHSA-rcjh-r59h-gq37: "Prior to 1.10.0, the 'Shareable Playground' contains a potential arbitrary file-read vulnerability... files path can be any path supported by the storage."
- GHSA-9c59-2mvc-vfr8: "Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations... without verifying that the authenticated requester owns the targeted resource."
source data used
“CVE: CVE-2026-55255 Vendor/project: Langflow Product: Langflow Known ransomware campaign use: Unknown Due date: 2026-07-10 CWE: CWE-639 Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to...”
“A Python package with a built-in web application”
“Aliases: CVE-2026-42867 Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint”
“Aliases: CVE-2026-55423, PYSEC-2026-222 Langflow: Logout button does not clear session”
“Aliases: CVE-2026-33760, PYSEC-2026-242 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints”
“Aliases: CVE-2026-55447, PYSEC-2026-378 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit”
“Aliases: CVE-2026-55255, PYSEC-2026-221 Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow”
“Aliases: CVE-2026-55446, PYSEC-2026-223 Langflow: Unauthenticated DoS through multipart form boundary file upload”
“Aliases: CVE-2026-48520, PYSEC-2026-244 Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read”
“Aliases: CVE-2026-48519, PYSEC-2026-243 Langflow: Unauthenticated RCE in Shareable Playgrounds”
“Aliases: CVE-2026-55450, PYSEC-2026-224 Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak”
“Aliases: CVE-2024-9277, GHSA-355v-2rjx-fpx7 Inefficient Regular Expression Complexity in langflow”
“Aliases: CVE-2025-68477, GHSA-5993-7p27-66g5 Langflow vulnerable to Server-Side Request Forgery”
“Aliases: CVE-2024-48061, GHSA-5p5r-57fx-pmfr Langflow vulnerable to remote code execution”
“Aliases: CVE-2026-21445, GHSA-c5cp-vx83-jhqx Langflow Missing Authentication on Critical API Endpoints”
“Aliases: CVE-2026-0770, GHSA-g22f-v6f7-2hrh Langflow affected by Remote Code Execution via validate_code() exec()”
“Aliases: CVE-2026-55255, GHSA-qrpv-q767-xqq2 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow...”
“Aliases: CVE-2026-55423, GHSA-7hw8-6q6r-4276 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly...”
“Aliases: CVE-2026-55446, GHSA-qwqc-p3q8-wcg9 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form...”
“Aliases: CVE-2026-55450, GHSA-x223-p2gf-v735 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any...”
“Aliases: CVE-2026-33760, GHSA-9c59-2mvc-vfr8 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages,...”
“Aliases: CVE-2026-48519, GHSA-v5ff-9q35-q26f Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by...”
“Aliases: CVE-2026-48520, GHSA-rcjh-r59h-gq37 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnerability, depending on the exact...”
“Aliases: CVE-2026-27966, GHSA-3645-fxcv-hqr4 Langflow has Remote Code Execution in CSV Agent”
“Aliases: CVE-2026-42048, GHSA-9whx-c884-c68q Langflow Knowledge Bases API is Vulnerable to Path Traversal”
“Aliases: CVE-2026-55447, GHSA-ccv6-r384-xp75 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit”
“Aliases: CVE-2026-33017, GHSA-vwmf-pq79-vjvx Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.