SecAlerts
CVE ListPricingSign Up
Langflow logo

Langflow

Security Risk Profile

53
/100
medium

Security Risk Score

Comprehensive risk assessment based on 39 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from June 10, 2024 to present

39
Total CVEs
30
Critical+High
4
Exploited
12
Unpatched

Threat Assessment

Avg CVSS
8.3
Base severity
Avg EPSS
4%
Exploit probability
Unpatched
12
Critical/High
Risk Level
53/100
medium
⚠️ 4 Active Exploits📈 8 in Last 30 Days

Severity Distribution

Critical
15
High
15
Medium
8
Low
0

Exploit Likelihood

>50% chance
1
20-50%
0
5-20%
0
<5%
17

Age Distribution

Common Weaknesses (CWE)

1
Code Injection
10
2
Path Traversal
6
3
SSRF
2
4
SQL Injection
1
5
XSS
1

Most Affected Products

1. Langflow Langflow76
2. pip/langflow18
3. IBM Langflow Desktop13
4. Langflow Langflow Desktop6
5. pip/langflow-base4

Recent Vulnerabilities

See more →
CVE-2026-42048
CVSS 9.6critical

Langflow: Path Traversal in Langflow Knowledge Bases API

5/5/2026
CVE-2026-4503
CVSS 7.5high

Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint

4/28/2026
CVE-2026-3346
CVSS 6.4medium

Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

4/28/2026
CVE-2026-3340
CVSS 6.5medium

Server-Side Request Forgery (SSRF) in Langflow URL Component

4/28/2026
CVE-2026-4502
CVSS 6.5medium

Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

4/28/2026
CVE-2026-6543
CVSS 8.8EPSS 0%high

Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

4/28/2026
CVE-2026-3345
CVSS 6.5medium

Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

4/28/2026
CVE-2026-6542
CVSS 8.1EPSS 0%high

Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id

4/27/2026
CVE-2026-3357
CVSS 8.8high

IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file

4/2/2026
CVE-2026-34046
CVSS 8.7EPSS 0%high

Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

3/27/2026

Monitor Langflow in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

Langflow Security Vulnerabilities & Risk Score | 39 CVEs | SecAlerts - SecAlerts