CVE-2026-21445
Published: 02 January 2026
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories,…
more
and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by explicitly defining and restricting permitted actions without identification or authentication on critical API endpoints handling sensitive data and operations.
Enforces approved authorizations for logical access to system resources, ensuring authentication is required before allowing access to sensitive conversation data, transaction histories, or destructive operations.
Requires identification and authentication of organizational users prior to accessing the Langflow APIs, preventing unauthenticated exploitation of endpoints lacking authentication controls.
Security SummaryAI
CVE-2026-21445 is a critical authentication bypass vulnerability affecting Langflow, an open-source tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints lack proper authentication controls, enabling unauthorized access to sensitive data and operations. This flaw, classified under CWE-306 (Missing Authentication for Critical Function), carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), highlighting its high severity due to network accessibility, low attack complexity, and no required privileges.
Any unauthenticated attacker with network access to a vulnerable Langflow instance can exploit this issue. Successful exploitation allows reading sensitive user conversation data and transaction histories, as well as performing destructive actions such as message deletion on endpoints that handle personal data and system operations. The vulnerability provides high-impact confidentiality and integrity violations without affecting availability.
The Langflow security advisory (GHSA-c5cp-vx83-jhqx) and associated patch commit (3fed9fe1b5658f2c8656dbd73508e113a96e486a) confirm that upgrading to version 1.7.0.dev45 resolves the issue by implementing required authentication controls on the affected endpoints. Security practitioners should prioritize updating instances and reviewing access logs for potential unauthorized activity.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- MITRE ATLAS Techniques
- None mapped
- Classification Reason
- Matched keywords: ai
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an authentication bypass in public-facing API endpoints of Langflow, enabling unauthenticated remote exploitation for data access and manipulation, directly mapping to T1190: Exploit Public-Facing Application.