Vulnerabilidades en langflow-ai
36 resultadosCVE-2026-6597MEDIUMlangflow-ai langflow Flow Using API core.py has_api_terms credentials storageEPSS 0.3%CVE-2026-55450CRITICALLangflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leakEPSS 0.3%CVE-2026-7700MEDIUMlangflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injectionEPSS 0.3%CVE-2026-6596MEDIUMlangflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted uploadEPSS 0.3%CVE-2026-42867MEDIUMLangflow: Path Traversal in Knowledge Bases API via Creation EndpointEPSS 0.3%CVE-2026-33760HIGHLangflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 EndpointsEPSS 0.2%CVE-2026-5025MEDIUMLangflow - Application Logs Exposed to All Authenticated UsersEPSS 0.2%CVE-2026-55255CRITICALLangflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's FlowEPSS 0.2%CVE-2026-6599MEDIUMlangflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injectionEPSS 0.2%CVE-2026-48520MEDIUMLangflow: Unauthenticated Shareable Playground arbitrary local or S3 file readEPSS 0.2%CVE-2026-5022MEDIUMLangflow - Missing Authorization on download_image EndpointEPSS 0.2%CVE-2026-6600MEDIUMlangflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scriptingEPSS 0.2%CVE-2026-5026HIGHLangflow - Stored XSS via Malicious SVG UploadEPSS 0.2%CVE-2026-55423MEDIUMLangflow: Logout button does not clear sessionEPSS 0.2%CVE-2026-6598MEDIUMlangflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in fileEPSS 0.2%CVE-2026-12822MEDIUMlangflow-ai langflow Bundle URL Loader code injectionEPSS 0.1%