📦 Langflow
by Langflow
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in Langflow's CSV Agent node allows attackers to execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). It affects...
This vulnerability allows remote attackers to execute arbitrary code as root on Langflow installations without authentication. The flaw exists in how the validate endpoint processes the exec_globals p...
CVE-2026-0768 is a critical remote code execution vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code on affected systems. The vulnerability exists in the ...
This vulnerability allows remote attackers to execute arbitrary Python code on Langflow installations without authentication. Attackers can achieve full system compromise by exploiting improper input ...
CVE-2026-21445 is a critical authentication bypass vulnerability in Langflow that allows unauthenticated attackers to access sensitive user conversation data, transaction histories, and perform destru...
CVE-2025-3248 is an unauthenticated remote code execution vulnerability in Langflow's /api/v1/validate/code endpoint. Attackers can send crafted HTTP requests to execute arbitrary code on vulnerable s...
CVE-2024-42835 is a critical remote code execution vulnerability in Langflow v1.0.12 that allows attackers to execute arbitrary Python code via the PythonCodeTool component. This affects all users run...
Langflow versions through 0.6.19 contain a remote code execution vulnerability in the custom component API endpoint. Attackers can execute arbitrary Python code by sending crafted POST requests to the...
This vulnerability allows remote attackers to execute arbitrary Python code on Langflow installations through Python function components. Attackers can inject malicious code into workflows, potentiall...
This vulnerability allows authenticated remote attackers to execute arbitrary code on Langflow installations by exploiting insecure deserialization in the disk cache service. Attackers can leverage th...
This vulnerability in Langflow allows attackers to hijack user sessions through a CORS misconfiguration, leading to account takeover and remote code execution. Attackers can steal refresh tokens from ...
This privilege escalation vulnerability in Langflow allows authenticated users with RCE access to create new administrative accounts using the internal CLI command 'langflow superuser'. This affects a...
Langflow versions before 1.0.13 contain a privilege escalation vulnerability where remote attackers with low privileges can gain super admin access by sending mass assignment requests to the '/api/v1/...