← signals
2026-07-11·LANGFLOW·security risk
lowdown

A cluster of severe security vulnerabilities in Langflow, an open-source AI workflow tool, has been disclosed in...

A cluster of severe security vulnerabilities in Langflow, an open-source AI workflow tool, has been disclosed in June-July 2026, including a CISA Known Exploited Vulnerability (CVE-2026-55255) added to the KEV catalog on July 7, 2026, with a due date of July 10, 2026 for mitigation.

window 15devidence 27confidence score 100

confidence score

Strong evidence: 3 independent source classes support this read.

100
low confidence3 independent source classesofficialotherpasses publish gate

signal brief

A cluster of severe security vulnerabilities in Langflow, an open-source AI workflow tool, has been disclosed in June-July 2026, including a CISA Known Exploited Vulnerability (CVE-2026-55255) added to the KEV catalog on July 7, 2026, with a due date of July 10, 2026 for mitigation. The vulnerabilities span Insecure Direct Object Reference (IDOR), Remote Code Execution (RCE), path traversal, unauthenticated file upload leading to DoS, arbitrary file read, and session management issues. Specifically, CVE-2026-55255 allows an authenticated attacker to execute any flow belonging to another user by manipulating the flow ID. Several RCE vulnerabilities (CVE-2026-48519, CVE-2026-55447, CVE-2026-55450) permit unauthenticated attackers to execute arbitrary code on the server, particularly through the Shareable Playground feature. Additionally, CVE-2026-42867 and CVE-2026-42048 enable path traversal in the Knowledge Bases API, leading to arbitrary file read. These issues affect versions prior to 1.9.x/1.10.x. The breadth and severity of the vulnerabilities, combined with CISA's active exploitation warning, represent a significant trust hit for Langflow. Enterprise adopters may delay deployments or demand security hardening, potentially slowing Langflow's adoption growth.

What the sources said:

  • CISA KEV entry: "Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request." Source
  • PYSEC-2026-243: "Shareable Playground...contains a critical RCE vulnerability...allows for providing arbitrary custom Python code as the nodes code." Source
  • PYSEC-2026-378: "Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit." Source
  • PYSEC-2026-242: "Any authenticated user can read, modify, rename, or permanently delete another user's data by supplying the target's resource ID." Source

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.