signal brief
Between June 16 and June 29, 2026, multiple critical vulnerabilities were disclosed in Langflow (versions prior to 1.10.0), a popular open-source tool for building AI agents and workflows. The advisories, published on OSV and GitHub, include CVE-2026-42867 (path traversal), CVE-2026-55423 (session not cleared on logout), CVE-2026-33760 (IDOR/BOLA in the Monitor API), CVE-2026-55447 (arbitrary file read with RCE), CVE-2026-55255 (IDOR in the responses endpoint), CVE-2026-55446 (unauthenticated DoS), CVE-2026-48520 (unauthenticated arbitrary file read), CVE-2026-48519 (unauthenticated RCE in Shareable Playgrounds), and others. Together these flaws let an attacker read, modify, or delete user data, execute arbitrary code, or cause denial of service, and several of them require no authentication. Severity is high, especially for instances reachable from the public internet.

The rapid run of CVEs signals significant security gaps in Langflow's codebase, likely eroding trust among enterprise users and slowing adoption. The project has released patches in versions 1.9.2 and 1.10.0, but the discovery of further vulnerabilities (e.g., RCE in the CSV Agent, CVE-2026-27966) suggests ongoing risk. This security cluster poses a direct threat to Langflow's growth and could benefit competing platforms with stronger security postures.
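The practical question for an operator reading this brief is whether a given deployment pins an affected release. As an added example (not code from Langflow, OSV, or any of the sources below), the following Python evaluates a pinned dependency list against an advisory record in the OSV JSON shape, entirely offline. The advisory record and the `pip freeze` text are constructed samples: the record encodes only the one fact the brief states (versions prior to 1.10.0 are affected), and its GHSA id is a placeholder rather than one of the real advisories listed under Sources.

```python
"""Offline exposure check: pinned package versions vs. an OSV-shaped advisory.

Added example; not code from the Langflow project or from OSV. The advisory
below is CONSTRUCTED in the shape of an OSV vulnerability entry and encodes
only "affected: versions prior to 1.10.0". Its id is a placeholder.
"""
import re

# Constructed sample in the OSV record shape; the id is NOT a real advisory.
SAMPLE_ADVISORY = {
    "id": "GHSA-xxxx-xxxx-xxxx",  # placeholder id
    "summary": "Constructed sample: Langflow versions prior to 1.10.0",
    "affected": [
        {
            "package": {"ecosystem": "PyPI", "name": "langflow"},
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "1.10.0"}],
                }
            ],
        }
    ],
}

# Constructed sample of `pip freeze` output from a deployment.
SAMPLE_FREEZE = """\
fastapi==0.115.0
langflow==1.9.1
uvicorn==0.30.6
"""


def version_key(v):
    """Comparable key for a release version: '1.9.1' -> (1, 9, 1, 0).

    Padding to a fixed width keeps '1.10' equal to '1.10.0' (a bare tuple
    compare would rank the shorter one lower). Pre-release and local tags
    are dropped, so '1.10.0rc1' is treated as 1.10.0; use packaging.version
    if pre-releases are deployed.
    """
    m = re.match(r"(\d+(?:\.\d+)*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def in_affected_range(version, events):
    """Walk an OSV ECOSYSTEM range in order.

    'introduced' opens an interval, 'fixed' closes it (exclusive) and
    'last_affected' closes it (inclusive). Returns True if `version`
    lands inside an open interval.
    """
    key = version_key(version)
    affected = False
    for ev in events:
        if "introduced" in ev and key >= version_key(ev["introduced"]):
            affected = True
        elif "fixed" in ev and key >= version_key(ev["fixed"]):
            affected = False
        elif "last_affected" in ev and key > version_key(ev["last_affected"]):
            affected = False
    return affected


def parse_freeze(text):
    """Map lowercase package name -> pinned version from `pip freeze` lines."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, ver = line.split("==", 1)
            pins[name.strip().lower()] = ver.strip()
    return pins


def exposed_advisories(pins, advisories, ecosystem="PyPI"):
    """Return [(package, pinned_version, advisory_id)] for every pin that
    falls inside an affected ECOSYSTEM range of any advisory."""
    hits = []
    for adv in advisories:
        for aff in adv.get("affected", []):
            pkg = aff.get("package", {})
            name = pkg.get("name", "").lower()
            if pkg.get("ecosystem") != ecosystem or name not in pins:
                continue
            for rng in aff.get("ranges", []):
                if rng.get("type") == "ECOSYSTEM" and in_affected_range(
                    pins[name], rng.get("events", [])
                ):
                    hits.append((name, pins[name], adv["id"]))
                    break
    return hits


if __name__ == "__main__":
    pins = parse_freeze(SAMPLE_FREEZE)
    for name, ver, adv in exposed_advisories(pins, [SAMPLE_ADVISORY]):
        print(f"{name}=={ver} is inside the affected range of {adv}")
```

The same evaluation works on real records: the JSON that OSV's query endpoint (`POST https://api.osv.dev/v1/query` with a package name, ecosystem and version) returns carries `affected[].ranges[].events` in exactly this shape, so a deployment's freeze output can be checked against the advisories listed under Sources without hand-reading each one. Because `version_key` drops pre-release tags, a release candidate of a fixed version is treated as fixed; deployments that run pre-releases should compare with `packaging.version` instead.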
Sources:
- https://osv.dev/vulnerability/GHSA-79ph-745m-6wxq
- https://osv.dev/vulnerability/GHSA-7hw8-6q6r-4276
- https://osv.dev/vulnerability/GHSA-9c59-2mvc-vfr8
- https://osv.dev/vulnerability/GHSA-ccv6-r384-xp75
- https://osv.dev/vulnerability/GHSA-qrpv-q767-xqq2
- https://osv.dev/vulnerability/GHSA-qwqc-p3q8-wcg9
- https://osv.dev/vulnerability/GHSA-rcjh-r59h-gq37
- https://osv.dev/vulnerability/GHSA-v5ff-9q35-q26f
- https://osv.dev/vulnerability/GHSA-x223-p2gf-v735
- https://osv.dev/vulnerability/PYSEC-2026-221
- https://osv.dev/vulnerability/PYSEC-2026-222
- https://osv.dev/vulnerability/PYSEC-2026-223
- https://osv.dev/vulnerability/PYSEC-2026-224
- https://osv.dev/vulnerability/PYSEC-2026-242
- https://osv.dev/vulnerability/PYSEC-2026-243
- https://osv.dev/vulnerability/PYSEC-2026-244
- https://osv.dev/vulnerability/PYSEC-2026-376
- https://osv.dev/vulnerability/PYSEC-2026-377
- https://osv.dev/vulnerability/PYSEC-2026-378
- https://osv.dev/vulnerability/PYSEC-2026-379
evidence
- https://pypi.org/project/langflow/
- the OSV advisories listed under Sources above
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.