CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-33484

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch.

Exploit prediction scoring system (EPSS) score

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2026-33484

Langflow » Langflow » Version: 1.0.0

cpe:2.3:a:langflow:langflow:1.0.0
Langflow » Langflow » Version: 1.0.1

cpe:2.3:a:langflow:langflow:1.0.1
Langflow » Langflow » Version: 1.0.10

cpe:2.3:a:langflow:langflow:1.0.10
Langflow » Langflow » Version: 1.0.11

cpe:2.3:a:langflow:langflow:1.0.11
Langflow » Langflow » Version: 1.0.12

cpe:2.3:a:langflow:langflow:1.0.12
Langflow » Langflow » Version: 1.0.13

cpe:2.3:a:langflow:langflow:1.0.13
Langflow » Langflow » Version: 1.0.14

cpe:2.3:a:langflow:langflow:1.0.14
Langflow » Langflow » Version: 1.0.15

cpe:2.3:a:langflow:langflow:1.0.15
Langflow » Langflow » Version: 1.0.16

cpe:2.3:a:langflow:langflow:1.0.16
Langflow » Langflow » Version: 1.0.17

cpe:2.3:a:langflow:langflow:1.0.17
Langflow » Langflow » Version: 1.0.18

cpe:2.3:a:langflow:langflow:1.0.18
Langflow » Langflow » Version: 1.0.19

cpe:2.3:a:langflow:langflow:1.0.19
Langflow » Langflow » Version: 1.0.2

cpe:2.3:a:langflow:langflow:1.0.2
Langflow » Langflow » Version: 1.0.3

cpe:2.3:a:langflow:langflow:1.0.3
Langflow » Langflow » Version: 1.0.4

cpe:2.3:a:langflow:langflow:1.0.4
Langflow » Langflow » Version: 1.0.5

cpe:2.3:a:langflow:langflow:1.0.5
Langflow » Langflow » Version: 1.0.6

cpe:2.3:a:langflow:langflow:1.0.6
Langflow » Langflow » Version: 1.0.7

cpe:2.3:a:langflow:langflow:1.0.7
Langflow » Langflow » Version: 1.0.8

cpe:2.3:a:langflow:langflow:1.0.8
Langflow » Langflow » Version: 1.0.9

cpe:2.3:a:langflow:langflow:1.0.9
Langflow » Langflow » Version: 1.1.0

cpe:2.3:a:langflow:langflow:1.1.0
Langflow » Langflow » Version: 1.1.1

cpe:2.3:a:langflow:langflow:1.1.1
Langflow » Langflow » Version: 1.1.2

cpe:2.3:a:langflow:langflow:1.1.2
Langflow » Langflow » Version: 1.1.3

cpe:2.3:a:langflow:langflow:1.1.3
Langflow » Langflow » Version: 1.1.4

cpe:2.3:a:langflow:langflow:1.1.4
Langflow » Langflow » Version: 1.2.0

cpe:2.3:a:langflow:langflow:1.2.0
Langflow » Langflow » Version: 1.3.0

cpe:2.3:a:langflow:langflow:1.3.0
Langflow » Langflow » Version: 1.3.1

cpe:2.3:a:langflow:langflow:1.3.1
Langflow » Langflow » Version: 1.3.2

cpe:2.3:a:langflow:langflow:1.3.2
Langflow » Langflow » Version: 1.3.3

cpe:2.3:a:langflow:langflow:1.3.3
Langflow » Langflow » Version: 1.3.4

cpe:2.3:a:langflow:langflow:1.3.4
Langflow » Langflow » Version: 1.4.0

cpe:2.3:a:langflow:langflow:1.4.0
Langflow » Langflow » Version: 1.4.1

cpe:2.3:a:langflow:langflow:1.4.1
Langflow » Langflow » Version: 1.4.2

cpe:2.3:a:langflow:langflow:1.4.2
Langflow » Langflow » Version: 1.4.3

cpe:2.3:a:langflow:langflow:1.4.3
Langflow » Langflow » Version: 1.5.0

cpe:2.3:a:langflow:langflow:1.5.0
Langflow » Langflow » Version: 1.5.1

cpe:2.3:a:langflow:langflow:1.5.1
Langflow » Langflow » Version: 1.6.0

cpe:2.3:a:langflow:langflow:1.6.0
Langflow » Langflow » Version: 1.6.1

cpe:2.3:a:langflow:langflow:1.6.1
Langflow » Langflow » Version: 1.6.10

cpe:2.3:a:langflow:langflow:1.6.10
Langflow » Langflow » Version: 1.6.2

cpe:2.3:a:langflow:langflow:1.6.2
Langflow » Langflow » Version: 1.6.3

cpe:2.3:a:langflow:langflow:1.6.3
Langflow » Langflow » Version: 1.6.4

cpe:2.3:a:langflow:langflow:1.6.4
Langflow » Langflow » Version: 1.6.5

cpe:2.3:a:langflow:langflow:1.6.5
Langflow » Langflow » Version: 1.6.6

cpe:2.3:a:langflow:langflow:1.6.6
Langflow » Langflow » Version: 1.6.7

cpe:2.3:a:langflow:langflow:1.6.7
Langflow » Langflow » Version: 1.6.8

cpe:2.3:a:langflow:langflow:1.6.8
Langflow » Langflow » Version: 1.6.9

cpe:2.3:a:langflow:langflow:1.6.9
Langflow » Langflow » Version: 1.7.0

cpe:2.3:a:langflow:langflow:1.7.0
Langflow » Langflow » Version: 1.7.1

cpe:2.3:a:langflow:langflow:1.7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-33484

Products

Pricing

Contact Us