← signals
2026-07-08·LANGFLOW·security risk
highdown

Langflow, an open-source platform for building AI agents and workflows, has been hit by a wave of critical security...

Langflow, an open-source platform for building AI agents and workflows, has been hit by a wave of critical security advisories in June-July 2026, including multiple remote code execution (RCE), insecure direct object reference (IDOR), and path traversal vulnerabilities.

window 7devidence 27confidence score 100

confidence score

Strong evidence: 3 independent source classes support this read.

100
high confidence3 independent source classesofficialotherpasses publish gate

signal brief

Langflow, an open-source platform for building AI agents and workflows, has been hit by a wave of critical security advisories in June-July 2026, including multiple remote code execution (RCE), insecure direct object reference (IDOR), and path traversal vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added one vulnerability (CVE-2026-55255) to its Known Exploited Vulnerabilities (KEV) catalog on July 7, 2026, with a due date of July 10, 2026, for federal agencies to patch. The KEV entry describes an authorization bypass that allows an authenticated attacker to execute any flow belonging to another user.

Beyond the CISA-highlighted issue, OSV.dev lists at least 14 distinct advisories affecting Langflow versions prior to 1.9.x or earlier, including unauthenticated RCE in Shareable Playgrounds (CVE-2026-48519), arbitrary file read (CVE-2026-48520), unauthenticated denial-of-service (CVE-2026-55446, CVE-2026-55450), and multiple IDOR vulnerabilities in monitor and responses APIs (CVE-2026-33760, CVE-2026-55255). Several of these are fixed in versions 1.9.0, 1.9.1, 1.9.2, or 1.10.0, but the rapid succession of patches and the severity of exploits (including RCE via CSV Agent in PYSEC-2026-376) raise serious concerns about the platform's security posture.

What the sources said:

  • CISA KEV entry (CVE-2026-55255): "Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request." Source
  • OSV advisory for CVE-2026-48519 (RCE in Shareable Playground): "The vulnerable field is data.nodes[X].data.node.template.code.value. This vulnerability is fixed in 1.9.2." Source
  • OSV advisory for CVE-2026-55450: "Unauthenticated users can upload any amount of data to the server without any limitations ... can lead to space exhaustion on the server." Source

The concentration of critical and remotely exploitable vulnerabilities suggests a systemic security weakness in Langflow's codebase, particularly in authentication and authorization checks, as well as in sandboxing user-provided code in the "Shareable Playground" feature. The CISA KEV inclusion and multiple patches in close succession indicate an urgent need for users to update and for the project to overhaul its security review processes. This will likely erode enterprise trust, slow adoption, and could lead to downstream supply chain risks for organizations embedding Langflow.

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.