HIGHVulnerability
Verified
Global
CISA KEV: Langflow Langflow — Langflow Code Injection Vulnerability
Wednesday, March 25, 2026 at 12:00 AM UTC·Source: CISA KEV
Updated: Thursday, April 2, 2026 at 05:46 PM UTC
Executive Summary
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
Analysis
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
Added to CISA Known Exploited Vulnerabilities catalog on 2026-03-25. Remediation due: 2026-04-08.