Multiple Vulnerabilities Reported in Langflow
German security advisories reported multiple vulnerabilities in Langflow, with separate notices identifying the product as affected and indicating that more than one security issue required attention. The advisories, 2026-0806 and 2026-1154, both classify the matter as a set of vulnerabilities rather than a single flaw, pointing to an ongoing security issue affecting the Langflow platform.
The available notices do not include public technical synopses, but the repeated publication of advisories for the same product indicates continued vulnerability management activity and the likelihood of updated findings or remediation guidance. Organizations using Langflow should review the referenced advisories, validate their deployed versions, and apply vendor or maintainer fixes and mitigations as they become available.
Timeline
Apr 27, 2026
dCERT publishes advisory 2026-1263 on Langflow DoS vulnerability
dCERT published advisory 2026-1263 for Langflow, identifying a vulnerability that allows denial of service. The reference indicates a new advisory publication but provides no additional technical or remediation details.
Apr 20, 2026
dCERT publishes advisory 2026-1154 on Langflow vulnerabilities
dCERT published a second advisory, 2026-1154, concerning multiple vulnerabilities in Langflow. The reference indicates a new advisory publication but does not include further specifics on the vulnerabilities or remediation.
Mar 23, 2026
dCERT publishes advisory 2026-0806 on Langflow vulnerabilities
dCERT published advisory 2026-0806 concerning multiple vulnerabilities in Langflow. No additional technical details are provided in the reference content.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Critical Langflow RCE in Public Flow Endpoint Exploited Immediately
A critical **unauthenticated remote code execution** flaw in Langflow, tracked as `CVE-2026-33017`, allows attackers to execute arbitrary Python code through the `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint. The vulnerability affects Langflow versions prior to `1.9.0` and stems from the application's handling of the optional `data` parameter, which can carry attacker-controlled flow definitions that are passed to `exec()` without sandboxing. The issue is separate from the earlier `CVE-2025-3248`, which involved authentication on a different endpoint. Security researchers reported exploitation beginning within 20 hours of public disclosure, with attackers scanning for exposed Langflow instances, stealing credentials and environment data, reading files including `/etc/passwd`, and attempting to fetch a follow-on payload from `173.212.205[.]251:8443`. The flaw requires no privileges or user interaction and carries high impact across confidentiality, integrity, and availability, underscoring the risk to AI workflow platforms that often hold sensitive data and integration secrets.
1 months ago
High-Severity Flaws in Langflow and vLLM Expose Secrets and Enable RCE
Two high-severity vulnerabilities were disclosed in widely used AI application components, affecting **Langflow** and **vLLM**. In Langflow, `CVE-2026-33497` impacts versions before **1.7.1** and stems from improper filtering of `folder_name` and `file_name` in the `/profile_pictures/{folder_name}/{file_name}` endpoint. The path traversal flaw (`CWE-22`) allows unauthenticated attackers to read files across directories, including the application's `secret_key`, creating a direct risk of secret exposure and follow-on compromise. The issue is addressed in **Langflow 1.7.1** and tracked in GitHub advisory `GHSA-ph9w-r52h-28p7`. A separate flaw in vLLM, `CVE-2026-27893`, can lead to **remote code execution** by bypassing a user's attempt to disable remote code trust. In versions from **0.10.1** up to but not including **0.18.0**, two model implementation files hardcoded `trust_remote_code=True`, overriding the safer `--trust-remote-code=False` setting and allowing malicious model repositories to run code during model use. The vulnerability, classified as `CWE-693`, was patched in **vLLM 0.18.0**, underscoring supply-chain and configuration-bypass risks in AI infrastructure components.
1 months ago
LangChain Flaws Enable Information Disclosure and Security Bypass
German CERT advisories disclosed two vulnerabilities in **LangChain**, warning that the framework is affected by flaws that can lead to **information disclosure** and the **bypassing of security measures**. The issues were published in separate notices, identified as `2026-0877` and `2026-1010`, indicating multiple security weaknesses affecting the widely used LLM application framework. The advisories provide limited public detail, but the reported impact suggests attackers could expose sensitive data and circumvent protections built into LangChain-based deployments. Organizations using LangChain should review the affected advisories, identify exposed implementations, and prioritize vendor guidance, patching, and compensating controls to reduce the risk of data exposure and weakened application security.
5 days ago