wid-sec-w-2026-0747
·
Published 2026-03-16
·
View on BSI CERT-Bund ↗
Langflow: Multiple Vulnerabilities
CVSS 9.3
CRITICAL
CISA KEV — Known Exploited
Risk Summary
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion.
CVEs (2)
Affected Vendors
Open Source
Affected Products (3)
Open Source
·
Langflow
1.7.1
Open Source
·
Langflow
<=1.8.1
Open Source
·
Langflow
<=1.8.1
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more