Filtered by vendor Langflow
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57760 | 1 Langflow | 1 Langflow | 2025-08-26 | 8.8 High |
| Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time. | ||||
| CVE-2025-3248 | 1 Langflow | 1 Langflow | 2025-07-30 | 9.8 Critical |
| Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | ||||
| CVE-2024-7297 | 1 Langflow | 1 Langflow | 2025-06-24 | 8.8 High |
| Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint. | ||||
| CVE-2024-9277 | 1 Langflow | 1 Langflow | 2025-06-05 | 3.5 Low |
| A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48061 | 1 Langflow | 1 Langflow | 2025-05-28 | 9.8 Critical |
| langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. | ||||
| CVE-2024-42835 | 1 Langflow | 1 Langflow | 2025-05-27 | 9.8 Critical |
| langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. | ||||
| CVE-2024-37014 | 1 Langflow | 1 Langflow | 2024-11-21 | 9.8 Critical |
| Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | ||||
Page 1 of 1.