CNNVD-202512-3805 Information

CNNVD ID

CNNVD-202512-3805

CVE-2025-68477

  • CNNVD Published: 2025-12-19

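Description (translated from Chinese)

Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Versions of Langflow before 1.7.0 contain a security vulnerability: the API Request component does not block private IP ranges or cloud metadata endpoints, which may lead to non-blind SSRF attacks and information disclosure.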

Description (English)

Langflow is a visual framework for building multi-agent and RAG applications, open-sourced by Langflow. Versions of Langflow prior to 1.7.0 have a security vulnerability that stems from the API Request component not blocking private IP ranges and cloud metadata endpoints, which could lead to non-blind SSRF attacks and information disclosure.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Langflow

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/langflow-ai/langflow/security/advisories/GHSA-5993-7p27-66g5

https://access.redhat.com/security/cve/cve-2025-68477

Patch

https://github.com/langflow-ai/langflow/releases
