Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-33484
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-33497
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4722
Privilege escalation in the IPC component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4723
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4724
Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4724
Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4725
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4726
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4727
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4728
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved