CNNVD-202601-074 Information

CNNVD ID

CNNVD-202601-074

CVE-2026-21445

  • CNNVD Published: 2026-01-02

Description (Chinese)

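Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Versions of Langflow before 1.7.0.dev45 contain an access control error vulnerability. It stems from missing authentication controls on multiple critical API endpoints, which may allow unauthenticated users to access sensitive data and perform destructive operations.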

Description (English)

Langflow is a visual framework, open-sourced by Langflow, for building multi-agent and RAG applications. Langflow versions prior to 1.7.0.dev45 have an access control vulnerability caused by the lack of authentication controls on several key API endpoints, which could let unauthenticated users access sensitive data and perform destructive operations.

Hazard Level

Low

Vulnerability Type

Access Control Error

Affected Vendor

Langflow

Published

2026-01-02

Last Modified

2026-02-24

References

  • https://github.com/langflow-ai/langflow/commit/3fed9fe1b5658f2c8656dbd73508e113a96e486a
  • https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx
  • https://access.redhat.com/security/cve/cve-2026-21445

Patch

https://www.langflow.org/desktop
