CVE-2026-21445
8.8
Langflow Unchained: Open Gates and Path Traversals in the AI Pipeline
Amit Schendel
Senior Security ResearcherJan 2, 2026·6 min read·13 visits
PoC Available
Executive Summary (TL;DR)
The Langflow dev team forgot to lock the front door. Critical API endpoints—including log streams and user creation—lacked authentication checks. Combined with a path traversal vulnerability in the profile picture handler, unauthenticated attackers could fully compromise the instance, steal OpenAI/Anthropic keys, and exfiltrate server files.
Langflow, a popular visual framework for building AI agents, shipped with critical endpoints completely exposed to unauthenticated users. This vulnerability allowed attackers to stream live application logs (leaking API keys), create administrative users, and read arbitrary files via directory traversal.
Official Patches
Fix Analysis (1)
Technical Appendix
CVSS Score
8.8/ 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:PAffected Systems
Langflow AI Agent Builder
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
Langflow langflow-ai | < 1.7.0.dev45 | 1.7.0.dev45 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-306 (Missing Authentication) |
| Secondary CWE | CWE-22 (Path Traversal) |
| CVSS v4.0 | 8.8 (High) |
| Attack Vector | Network |
| Privileges Required | None |
| Impact | Critical (Data Leakage, RCE potential) |
MITRE ATT&CK Mapping
CWE-306
Missing Authentication for Critical Function
The software does not prove that a claim of identity is correct when that claim is used to execute a critical function.
Known Exploits & Detection
Vulnerability Timeline
Vulnerability Published and Patched
2026-01-02