logo

Langflow Security Vulnerabilities Expose AI Systems

ID: 8c5f289e-da41-5643-b394-7da28655d868

STIX ID: report--8c5f289e-da41-5643-b394-7da28655d868

Feed Name: securityonline.info

Threat Score
78/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Do Son

...
...

Langflow (pip) contains three critical vulnerabilities—an IDOR allowing authenticated access to other users' flows, a TAR extraction flaw enabling arbitrary file reads and potential remote code execution, and an unauthenticated file upload that can exhaust disk space and leak file paths. The flaws carry a top severity of 9.9; patches are available (upgrade to 1.9.1/1.9.2) and no in-the-wild exploitation has been confirmed.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.