Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.

Related CPE's

Could not find any relations

References

https://github.com/langflow-ai/langflow/commit/3fed9fe1b5658f2c8656dbd73508e113a96e486a

https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx

Weaknesses

[email protected]

Primary
CWE-306

CVSS impact metrics

Missing metrics for CVSS V

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2026-01-02T20:16:17.880

2 hours ago

Last modified

2026-01-02T20:16:17.880

2 hours ago