Langflow Security Vulnerabilities Expose AI Systems
ID: 8c5f289e-da41-5643-b394-7da28655d868
STIX ID: report--8c5f289e-da41-5643-b394-7da28655d868
Feed Name: securityonline.info
Threat Score
Langflow (pip) contains three critical vulnerabilities—an IDOR allowing authenticated access to other users' flows, a TAR extraction flaw enabling arbitrary file reads and potential remote code execution, and an unauthenticated file upload that can exhaust disk space and leak file paths. The flaws carry a top severity of 9.9; patches are available (upgrade to 1.9.1/1.9.2) and no in-the-wild exploitation has been confirmed.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
