Langflow Security Vulnerabilities (CVEs)
Track 13 security vulnerabilities affecting Langflow products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in Langflow's CSV Agent node allows attackers to execute arbitrary Python and OS commands on the server via prompt injection, leadi...
Feb 26, 2026This vulnerability allows remote attackers to execute arbitrary code as root on Langflow installations without authentication. The flaw exists in how ...
Jan 23, 2026This vulnerability allows remote attackers to execute arbitrary Python code on Langflow installations through Python function components. Attackers ca...
Jan 23, 2026This vulnerability allows authenticated remote attackers to execute arbitrary code on Langflow installations by exploiting insecure deserialization in...
Jan 23, 2026CVE-2026-0768 is a critical remote code execution vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code on ...
Jan 23, 2026This vulnerability allows remote attackers to execute arbitrary Python code on Langflow installations without authentication. Attackers can achieve fu...
Jan 23, 2026CVE-2026-21445 is a critical authentication bypass vulnerability in Langflow that allows unauthenticated attackers to access sensitive user conversati...
Jan 2, 2026This vulnerability in Langflow allows attackers to hijack user sessions through a CORS misconfiguration, leading to account takeover and remote code e...
Dec 5, 2025This privilege escalation vulnerability in Langflow allows authenticated users with RCE access to create new administrative accounts using the interna...
Aug 25, 2025CVE-2025-3248 is an unauthenticated remote code execution vulnerability in Langflow's /api/v1/validate/code endpoint. Attackers can send crafted HTTP ...
Apr 7, 2025CVE-2024-42835 is a critical remote code execution vulnerability in langflow v1.0.12 that allows attackers to execute arbitrary Python code via the Py...
Oct 31, 2024Langflow versions before 1.0.13 contain a privilege escalation vulnerability where remote attackers with low privileges can gain super admin access by...
Jul 30, 2024Langflow versions through 0.6.19 contain a remote code execution vulnerability in the custom component API endpoint. Attackers can execute arbitrary P...
Jun 10, 2024Why Monitor Langflow Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 13+ known vulnerabilities affecting Langflow products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Langflow packages in under 60 seconds. No agents required - completely agentless scanning that works across Langflow deployments.
Free vulnerability database: Access detailed information about every Langflow CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Langflow CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
