CVEReports
Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

CVE-2026-21445

Langflow Unchained: Open Gates and Path Traversals in the AI Pipeline

Amit Schendel
Senior Security Researcher

Jan 2, 2026 · 6 min read

Executive Summary (TL;DR)

The Langflow dev team forgot to lock the front door. Critical API endpoints—including log streams and user creation—lacked authentication checks. Combined with a path traversal vulnerability in the profile picture handler, unauthenticated attackers could fully compromise the instance, steal OpenAI/Anthropic keys, and exfiltrate server files.

Langflow, a popular visual framework for building AI agents, shipped with critical endpoints completely exposed to unauthenticated users. This vulnerability allowed attackers to stream live application logs (leaking API keys), create administrative users, and read arbitrary files via directory traversal.
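The path traversal half of this report is the kind of bug a profile picture handler closes by confining every resolved path to the picture store. The following is an added, stdlib-only illustration, not Langflow's code; the function and parameter names (`safe_profile_picture_path`, `base_dir`, `folder`, `file_name`) are assumptions for this example.

```python
"""Illustrative profile-picture path confinement (CWE-22); added example, not Langflow's code."""
from pathlib import Path
from urllib.parse import unquote


class UnsafePathError(ValueError):
    """Raised when a requested path would leave the pictures directory."""


def safe_profile_picture_path(base_dir: Path, folder: str, file_name: str) -> Path:
    """Map the URL components (folder, file_name) to a file under base_dir.

    Both components are attacker-controlled, so the check is layered:
      1. percent-decode first, so "%2e%2e" or "%2f" cannot slip past a text check;
      2. each component must be one plain segment (no separators, no "." or "..",
         no NUL bytes that could truncate the path in a C library);
      3. the fully resolved path (symlinks followed) must still sit inside base_dir,
         which also catches a planted symlink pointing outside the picture store.
    Parameter names are assumptions for this example.
    """
    base = base_dir.resolve()
    parts = []
    for raw in (folder, file_name):
        component = unquote(raw)
        if (not component or component in (".", "..") or "\x00" in component
                or "/" in component or "\\" in component):
            raise UnsafePathError(f"rejected path component: {raw!r}")
        parts.append(component)
    candidate = (base / parts[0] / parts[1]).resolve()
    try:
        candidate.relative_to(base)  # ValueError if candidate is not under base
    except ValueError:
        raise UnsafePathError(f"path escapes {base}: {candidate}") from None
    return candidate


if __name__ == "__main__":
    import tempfile
    root = Path(tempfile.mkdtemp())  # constructed picture store for the demo
    (root / "avatars").mkdir()
    print(safe_profile_picture_path(root, "avatars", "me.png"))
    for folder, name in [("..", "passwd"), ("avatars", "..%2f..%2fetc%2fpasswd")]:
        try:
            safe_profile_picture_path(root, folder, name)
        except UnsafePathError as exc:
            print("blocked:", exc)
```

The same check belongs behind the authentication dependency that the report says was missing; confinement alone does not fix CWE-306.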

Official Patches

Langflow: GitHub commit fixing the vulnerabilities

Technical Appendix

CVSS Score
8.8 / 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Affected Systems

Langflow AI Agent Builder

Affected Versions Detail

Product                | Affected Versions | Fixed Version
Langflow (langflow-ai) | < 1.7.0.dev45     | 1.7.0.dev45

Attribute           | Detail
CWE ID              | CWE-306 (Missing Authentication)
Secondary CWE       | CWE-22 (Path Traversal)
CVSS v4.0           | 8.8 (High)
Attack Vector       | Network
Privileges Required | None
Impact              | Critical (Data Leakage, RCE potential)

MITRE ATT&CK Mapping

  • T1190 Exploit Public-Facing Application (Initial Access)
  • T1078 Valid Accounts (Defense Evasion)
  • T1005 Data from Local System (Collection)

CWE-306: Missing Authentication for Critical Function

The software does not prove that a claim of identity is correct when that claim is used to execute a critical function.

Known Exploits & Detection

Manual Analysis: Direct API manipulation via curl allows admin creation and log streaming.
Nuclei: Detection template available.

Vulnerability Timeline

Vulnerability Published and Patched
2026-01-02

References & Sources

  • [1] GHSA-c5cp-vx83-jhqx advisory
  • [2] NVD entry

Attack Flow Diagram

