CISA KEV | CVSS 9.8 | CVE-2025-3248 | CVE-2026-33017 | CVE-2026-33497

Critical Langflow Vulnerabilities Patched

Multiple critical vulnerabilities have been discovered in Langflow, including RCE and path traversal. Upgrade to the latest versions immediately.


Multiple critical vulnerabilities have been discovered in Langflow, a Python package. They include unauthenticated remote code execution and path traversal, and can lead to complete compromise of the server. Patches are available; users should upgrade immediately to mitigate these risks.

These vulnerabilities have CVSS scores up to 9.8, indicating critical severity.

What is Langflow?

Langflow is a Python package that simplifies building custom LLM flows. It provides a user-friendly visual interface for creating and managing complex language-model workflows. To learn more, you can search all Langflow CVEs.

CVE-2025-3248: Langflow Unauthenticated Remote Code Execution

CVSS: 9.5
Affected versions: Langflow instances running versions 1.2.0 or earlier are affected.
CISA KEV: listed

Critical severity: allows remote code execution without authentication.

With an EPSS score of 92.5%, this vulnerability is highly likely to be exploited.

This vulnerability is listed on CISA's Known Exploited Vulnerabilities catalog.

Langflow versions prior to 1.3.0 are susceptible to code injection in the `/api/v1/validate/code` endpoint. An unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server.

How to fix CVE-2025-3248 in Langflow

Patch immediately
  1. Upgrade Langflow to version 1.3.0 or later:
     pip install --upgrade langflow

Workaround: There are no known workarounds besides upgrading.

NextGuard automatically flags CVE-2025-3248 if Langflow appears in any of your monitored projects — no manual lookup required.

CVE-2026-33017: Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

CVSS: 9.8
Affected versions: Langflow instances running versions 1.8.2 or earlier with at least one public flow are vulnerable.
CISA KEV: listed

Critical severity: allows unauthenticated remote code execution.

With an EPSS score of 6.1%, exploitation is possible.

This vulnerability is listed on CISA's Known Exploited Vulnerabilities catalog.

The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows without authentication, leading to remote code execution. An attacker can supply malicious flow data containing arbitrary Python code, which is then executed without sandboxing.

How to fix CVE-2026-33017 in Langflow

Patch immediately
  1. Upgrade Langflow to version 1.9.0 or later:
     pip install --upgrade langflow

Workaround: As a short-term fix, remove the `data` parameter from the `build_public_tmp` endpoint.

NextGuard automatically flags CVE-2026-33017 if Langflow appears in any of your monitored projects.
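A way to spot calls to the two unauthenticated endpoints named in the CVE-2025-3248 and CVE-2026-33017 sections in a web-server access log, as an added example written for this page rather than code from Langflow or any vendor. It assumes a common/combined-format access log produced by the reverse proxy in front of Langflow, and the log lines, IPs and flow id below are constructed placeholders.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Request line of a common/combined-format access log (assumed log shape).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Method + path patterns for the two RCE endpoints described on this page.
# The build_public_tmp rule accepts any flow id segment, so one rule covers
# every public flow on the instance.
RULES = [
    ("CVE-2025-3248", "POST", re.compile(r"^/api/v1/validate/code/?$")),
    ("CVE-2026-33017", "POST", re.compile(r"^/api/v1/build_public_tmp/[^/]+/flow/?$")),
]

# Constructed sample log lines (not real traffic); IPs are RFC 5737 test
# addresses and the flow id is a made-up placeholder.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "POST /api/v1/build_public_tmp/00000000-0000-4000-8000-000000000001/flow HTTP/1.1" 200 2048 "-" "curl/8.4.0"
198.51.100.22 - - [10/Mar/2026:12:00:03 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:12:00:04 +0000] "POST /api/v1/validate/code?format=json HTTP/1.1" 401 64 "-" "curl/8.4.0"
198.51.100.22 - - [10/Mar/2026:12:00:05 +0000] "GET /health HTTP/1.1" 200 16 "-" "kube-probe/1.29"
this line is not an access-log record and is skipped
"""


@dataclass(frozen=True)
class Hit:
    cve: str
    ip: str
    ts: str
    path: str
    status: int


def scan_log(text: str) -> list:
    """Return one Hit per log line whose method and path match a rule.
    The query string is stripped before matching so '?x=1' suffixes and
    trailing slashes do not slip past the rule."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request record; ignore
        path = m["path"].split("?", 1)[0]
        for cve, method, pattern in RULES:
            if m["method"] == method and pattern.match(path):
                hits.append(Hit(cve, m["ip"], m["ts"], path, int(m["status"])))
    return hits


def hits_by_source(hits) -> dict:
    """Count hits per (cve, source ip) so repeat callers stand out for triage."""
    return dict(Counter((h.cve, h.ip) for h in hits))


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f"{h.cve} {h.ip} {h.ts} {h.path} -> {h.status}")
    print(hits_by_source(found))
```

A 200 response to either endpoint on an instance that was unpatched at the time is the case to escalate; on a patched instance the same request should be rejected for lack of authentication (the 401 in the fourth sample line is constructed to show that case). Treat hits as triage signals rather than proof of compromise, and correlate them with the source address and the Langflow version that was running.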

CVE-2026-33497: Langflow Path Traversal Vulnerability

CVSS: 7.5
Affected versions: Langflow instances running versions 1.7.0 or earlier are affected.

High severity: allows reading arbitrary files on the server.

With an EPSS score of 0.01%, exploitation is unlikely.

A path traversal vulnerability exists in the `/profile_pictures/{folder_name}/{file_name}` endpoint, allowing unauthenticated attackers to read arbitrary files. By manipulating the `folder_name` and `file_name` parameters, an attacker can access sensitive files, including the secret key.
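The path-handling pattern that closes this class of bug, as an added example written for this page and not Langflow's actual handler: an unsafe join of user-controlled `folder_name` and `file_name` beside a hardened resolver that validates each component and then confirms the resolved path still sits inside the pictures directory. The base directory path is an assumed placeholder, not a Langflow default.

```python
from pathlib import Path
from urllib.parse import unquote

# Assumed location of the profile pictures; a placeholder, not a Langflow default.
PICTURES_DIR = Path("/srv/langflow/profile_pictures")


class UnsafePath(ValueError):
    """Requested file would resolve outside the pictures directory."""


def naive_resolve(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """Constructed illustration of the unsafe pattern: user input is joined
    straight onto the base directory, so '..' segments walk out of it."""
    return base_dir / folder_name / file_name


def safe_resolve(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """Hardened form: each component must be a single plain path segment,
    and the final resolved path must stay inside base_dir."""
    base = base_dir.resolve()
    # Decode once so percent-encoded separators and dots are judged on their real value.
    parts = [unquote(folder_name), unquote(file_name)]
    for part in parts:
        if (not part or part in (".", "..")
                or "/" in part or "\\" in part or "\0" in part):
            raise UnsafePath(f"invalid path component: {part!r}")
    candidate = (base / parts[0] / parts[1]).resolve()
    # Containment check on the resolved path also catches symlinks that point
    # outside base_dir, which component validation alone cannot see.
    if not candidate.is_relative_to(base):
        raise UnsafePath(f"{candidate} escapes {base}")
    return candidate


def escapes(base_dir: Path, candidate: Path) -> bool:
    """True if candidate, once normalised, lies outside base_dir."""
    return not candidate.resolve().is_relative_to(base_dir.resolve())


def is_allowed(folder_name: str, file_name: str, base_dir: Path = PICTURES_DIR) -> bool:
    """Boolean wrapper a request handler can gate on before opening anything."""
    try:
        safe_resolve(base_dir, folder_name, file_name)
        return True
    except UnsafePath:
        return False


if __name__ == "__main__":
    # Constructed requests: one legitimate, one using '..', one percent-encoded.
    for folder, name in [("People", "avatar.png"), ("..", "outside.txt"), ("..%2F..%2Fother", "file.txt")]:
        naive_escapes = escapes(PICTURES_DIR, naive_resolve(PICTURES_DIR, folder, name))
        print(f"{folder!r}/{name!r}: naive escapes={naive_escapes}, hardened allows={is_allowed(folder, name)}")
```

The two checks are deliberately redundant: component validation gives a clear error before any filesystem access, and the `is_relative_to` check on the resolved path is the backstop for cases validation cannot reason about, such as a symlink inside the pictures directory.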

How to fix CVE-2026-33497 in Langflow

Patch within 7 days
  1. Upgrade Langflow to version 1.7.1 or later:
     pip install --upgrade langflow

Workaround: Restrict network access to the `/api/v1/files/profile_pictures/` endpoint. Rotate the `secret_key` if exposure is suspected.
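A check that ties the three "How to fix" sections together, as an added example written for this page and not a Langflow or NextGuard tool: it compares an installed Langflow version against the fixed version each section names and lists the CVEs still outstanding. When run as a script it reads the installed version via `importlib.metadata`; the comparison itself accepts any version string, so it can also be fed values from an inventory. Pre-release tags such as `rc1` are assumed to sort below the final release.

```python
import re
from importlib import metadata
from typing import List, Optional, Tuple

# Fixed versions as stated in the three "How to fix" sections of this advisory.
FIXED_IN = {
    "CVE-2025-3248": "1.3.0",
    "CVE-2026-33497": "1.7.1",
    "CVE-2026-33017": "1.9.0",
}

_PRE_TAGS = ("a", "b", "rc", "dev")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.8.2', 'v1.9' or '1.9.0rc1' into a comparable tuple.
    Missing components are padded with zeros; a trailing pre-release tag
    (a/b/rc/dev) adds -1 so that 1.9.0rc1 < 1.9.0, anything else adds 0."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * max(0, 3 - len(nums))
    suffix = m.group(2).lstrip(".-")
    is_pre = any(suffix.startswith(tag) for tag in _PRE_TAGS)
    return nums + ((-1,) if is_pre else (0,))


def outstanding_cves(installed: str) -> List[str]:
    """CVEs from this advisory whose fix is newer than the installed version."""
    iv = parse_version(installed)
    return [cve for cve, fixed in FIXED_IN.items() if iv < parse_version(fixed)]


def installed_langflow_version() -> Optional[str]:
    """Version of the langflow distribution in the current environment, if any."""
    try:
        return metadata.version("langflow")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    v = installed_langflow_version()
    if v is None:
        print("langflow is not installed in this environment")
    else:
        open_cves = outstanding_cves(v)
        print(f"langflow {v}: " + (", ".join(open_cves) if open_cves else "no outstanding CVEs from this advisory"))
```

The check uses the fixed version from each section rather than the "affected versions" wording, which is the safer reading where the two differ (CVE-2025-3248 lists 1.2.0 or earlier as affected but names 1.3.0 as the fix).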

Stay ahead of Python vulnerabilities

Proactively detect and remediate vulnerabilities like these with a comprehensive monitoring solution. Start monitoring your Python dependencies today.


Frequently asked questions

These vulnerabilities highlight the importance of keeping your dependencies up to date. Regularly review all Python vulnerabilities and apply security patches promptly to protect your systems from potential attacks.

Related topics

remote code execution | path traversal | python | vulnerability management | dependency scanning