L

Langflow Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Langflow products.

4 known CVE vulnerabilities tracked

Critical
1
High
3
Medium
0
Low
0
None
0

Vulnerabilities By Year

2
2025
2
2026

Products Affected

Langflow 4

All Langflow CVEs

Recent Highest Score Oldest
CVE-2026-7528
7.1 high

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.

Langflow May 27, 2026
CVE-2026-7524
9.8 critical

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

Langflow May 27, 2026
CVE-2025-68478
7.1 high

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normaliz

Langflow Dec 19, 2025
CVE-2025-68477
7.7 high

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and t

Langflow Dec 19, 2025