CVE-2026-21445
CRIT 9.1Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.
Affected Applications in Environment
5
Flow
v1.3.173.0
7 devices
Flow
v1.3.176.0
9 devices
Flow
v1.3.51.1
1 device
Flow
v1.3.51.0
2 devices
Flow
v1.3.174.0
1 device
Affected Devices
19
118B-13
Windows
118B-14
Windows
118B-15
Windows
118B-18
Windows
DESKTOP-2F2IHK3
Windows
DPADVS-L72018DT
Windows
DPADVS-L72115D7
Windows
DPAGNF-A7412369
Windows
DPAGNF-A741236B
Windows
DPAGNF-A805193T
Windows
DPATHL-835405G
Windows
DPATHL-83540MD
Windows
DPBIOL-MITZI
Windows
DPELED-D81938YB
Windows
DPEMAE-92503DF
Windows
FACHVAC-HP640-2
Windows
FACHVAC-HP640-4
Windows
FACHVAC-HP640-5
Windows
FACHVAC92505LP
Windows