A series of CVEs have been published against Langflow, an open-source tool for building and deploying AI agents.
signal brief
A series of CVEs have been published against Langflow, an open-source tool for building and deploying AI agents. Between June 16 and 19, 2026, OSV advisories disclosed, among others: CVE-2026-42867 (path traversal in the knowledge bases API), CVE-2026-55423 (session not cleared on logout), CVE-2026-33760 (IDOR/BOLA in the monitor API, exposing other users' data), CVE-2026-55447 (arbitrary file read leading to RCE via BaseFileComponent), CVE-2026-55255 (IDOR in the responses endpoint), CVE-2026-55446 (unauthenticated DoS via multipart boundary handling), CVE-2026-48520 (unauthenticated file read in the shareable playground), CVE-2026-48519 (unauthenticated RCE in the shareable playground), and CVE-2026-55450 (unauthenticated file upload leading to DoS and information leak).

Several of these require no authentication and let an attacker execute arbitrary code, read sensitive files, or cause denial of service, so any internet-reachable Langflow instance should be treated as exposed until patched. The fixed version differs per advisory (1.9.2 for some issues, 1.10.0 for others); the exact affected range of each must be read from the linked OSV entries rather than assumed. A subsequent dev release (1.11.0.dev24) on PyPI indicates that further fixes are underway, but the cumulative severity undermines trust in the platform for production AI workloads.

Source: OSV advisories GHSA-79ph-745m-6wxq, GHSA-7hw8-6q6r-4276, GHSA-9c59-2mvc-vfr8, GHSA-ccv6-r384-xp75, GHSA-qrpv-q767-xqq2, GHSA-qwqc-p3q8-wcg9, GHSA-rcjh-r59h-gq37, GHSA-v5ff-9q35-q26f, GHSA-x223-p2gf-v735, and the corresponding PYSEC entries.
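The practical first step on reading a brief like this is to find out whether a deployed Langflow version falls inside the affected range of each advisory. The Python below is an added example, not code from the brief or from the Langflow project. It implements the OSV "ECOSYSTEM" range check (introduced / fixed / last_affected events) on top of a PEP 440-aware version comparison, so that a dev build such as 1.11.0.dev24 is ordered before 1.11.0 rather than lexically after it, and it includes a helper that queries the real OSV API for a live check. The two advisories embedded in it are constructed placeholders with made-up IDs: their fixed versions 1.9.2 and 1.10.0 are the ones named in the brief, but the pairing of ranges to issues is illustrative only and does not describe the actual CVEs above.

```python
"""Check a langflow version against OSV-style affected ranges.

Added example for this brief; not code from the brief or the Langflow project.
SAMPLE_ADVISORIES is CONSTRUCTED: the ids are placeholders and the ranges
do not describe the real CVEs listed above.
"""
import json
import re
import urllib.request

# Constructed sample in the OSV schema shape (affected[].ranges[].events).
# 1.9.2 and 1.10.0 are the fixed versions named in the brief; the ids and the
# pairing of ranges to issues are placeholders, not real advisories.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-2026-0001", "summary": "placeholder advisory, fixed in 1.9.2",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "langflow"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "1.9.2"}]}]}]},
    {"id": "EXAMPLE-2026-0002", "summary": "placeholder advisory, fixed in 1.10.0",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "langflow"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "1.10.0"}]}]}]},
]

# PEP 440 subset: release segment, optional a/b/rc pre-release, optional .devN.
_VERSION_RE = re.compile(
    r"^(?P<release>\d+(?:\.\d+)*)"
    r"(?:(?P<pre_l>a|b|rc)(?P<pre_n>\d+))?"
    r"(?:\.dev(?P<dev>\d+))?$"
)
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}
MIN_VERSION = ((), ())  # sorts below every parsed version; used for introduced "0"


def parse_version(text):
    """Return a sortable key for a PEP 440 version string.

    Within one release number the order is .devN < aN/bN/rcN < final, so
    1.11.0.dev24 < 1.11.0rc1 < 1.11.0, and 1.9 compares equal to 1.9.0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = [int(p) for p in m.group("release").split(".")]
    while len(release) > 1 and release[-1] == 0:  # trailing zeros are insignificant
        release.pop()
    pre, dev = m.group("pre_l"), m.group("dev")
    if pre is None and dev is None:
        stage = (2,)                                  # final release
    elif pre is None:
        stage = (0, int(dev))                         # X.Y.devN
    else:                                             # X.YaN, optionally .devM
        stage = (1, _PRE_RANK[pre], int(m.group("pre_n")))
        stage += (0, int(dev)) if dev is not None else (1,)
    return (tuple(release), stage)


def version_in_range(version, events):
    """OSV ECOSYSTEM semantics: events in order form [introduced, fixed) or
    [introduced, last_affected] intervals; a trailing introduced is open-ended."""
    v = parse_version(version)
    start = None
    for ev in events:
        if "introduced" in ev:
            start = MIN_VERSION if ev["introduced"] == "0" else parse_version(ev["introduced"])
        elif "fixed" in ev:
            if start is not None and start <= v < parse_version(ev["fixed"]):
                return True
            start = None
        elif "last_affected" in ev:
            if start is not None and start <= v <= parse_version(ev["last_affected"]):
                return True
            start = None
    return start is not None and v >= start


def matching_advisories(installed_version, advisories, package="langflow", ecosystem="PyPI"):
    """Return the sorted ids of advisories whose ranges cover installed_version."""
    hits = set()
    for adv in advisories:
        for aff in adv.get("affected", []):
            pkg = aff.get("package", {})
            if pkg.get("name") != package or pkg.get("ecosystem") != ecosystem:
                continue
            for rng in aff.get("ranges", []):
                if rng.get("type") == "ECOSYSTEM" and version_in_range(installed_version, rng["events"]):
                    hits.add(adv["id"])
    return sorted(hits)


def query_osv(version, package="langflow", ecosystem="PyPI"):
    """Live lookup against the real OSV API (needs network); returns its 'vulns' list,
    which has the same record shape as SAMPLE_ADVISORIES and feeds matching_advisories()."""
    body = json.dumps({"package": {"name": package, "ecosystem": ecosystem},
                       "version": version}).encode()
    req = urllib.request.Request("https://api.osv.dev/v1/query", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=20) as resp:
        return json.load(resp).get("vulns", [])


if __name__ == "__main__":
    # Offline run over the constructed sample; use query_osv(v) for a live check.
    for v in ("1.9.1", "1.9.2", "1.10.0", "1.11.0.dev24"):
        print(v, matching_advisories(v, SAMPLE_ADVISORIES) or "not in sample ranges")
```

The installed version to feed in comes from `pip show langflow` or `python -c "import importlib.metadata as m; print(m.version('langflow'))"` in the deployment's environment. The version parser deliberately rejects strings outside the PEP 440 subset it understands instead of guessing, because silently mis-ordering a version is exactly how a vulnerable build gets reported as patched.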
evidence
- https://pypi.org/project/langflow/
- https://osv.dev/vulnerability/GHSA-79ph-745m-6wxq
- https://osv.dev/vulnerability/GHSA-7hw8-6q6r-4276
- https://osv.dev/vulnerability/GHSA-9c59-2mvc-vfr8
- https://osv.dev/vulnerability/GHSA-ccv6-r384-xp75
- https://osv.dev/vulnerability/GHSA-qrpv-q767-xqq2
- https://osv.dev/vulnerability/GHSA-qwqc-p3q8-wcg9
- https://osv.dev/vulnerability/GHSA-rcjh-r59h-gq37
- https://osv.dev/vulnerability/GHSA-v5ff-9q35-q26f
- https://osv.dev/vulnerability/GHSA-x223-p2gf-v735
- https://osv.dev/vulnerability/PYSEC-2026-221
- https://osv.dev/vulnerability/PYSEC-2026-222
- https://osv.dev/vulnerability/PYSEC-2026-223
- https://osv.dev/vulnerability/PYSEC-2026-224
- https://osv.dev/vulnerability/PYSEC-2026-242
- https://osv.dev/vulnerability/PYSEC-2026-243
- https://osv.dev/vulnerability/PYSEC-2026-244
- https://www.langflow.org
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.