CVE-2026-33484
HIGH
GHSA-7grx-3xcx-2xv5
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
The /api/v1/files/images/{flow_id}/{file_name} endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200.
Details
src/backend/base/langflow/api/v1/files.py:138-164 - download_image takes flow_id: UUID as a bare path parameter with no Depends(get_flow) or CurrentActiveUser. All other file routes (download_file, upload_file, list_files, delete_file) use Depends(get_flow) which enforces both authentication and ownership. There is no global auth middleware on /api/v1; protection is per-endpoint only.
PoC
curl -v "http://localhost:7860/api/v1/files/images/<flow_uuid>/<filename.png>"
# Returns HTTP 200 with image bytes, no auth header requiredImpact
Unauthenticated cross-tenant data leak. In a multi-tenant deployment, any attacker who can discover or guess a flow_id (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials.
AnalysisAI
{flow_id}/{file_name} endpoint, while all other file operation endpoints properly implement these security controls. A proof-of-concept exploit exists demonstrating that any attacker with knowledge of a flow UUID and filename can retrieve sensitive image data without credentials, posing a critical risk in multi-tenant deployments where cross-tenant data leakage can occur.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Remote unauthenticated attacker can exploit the `/api/v1/files/images/{flow_id}/{file_name}` endpoint in Langflow by crafting requests with known flow_id and file_name parameters. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This vulnerability presents a high real-world risk with a CVSS base score of 7.5, driven by network accessibility (AV:N), low attack complexity (AC:L), and no required privileges (PR:N) or user interaction (UI:N), resulting in high confidentiality impact (C:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker targets a multi-tenant Langflow deployment by first obtaining valid flow UUIDs through social engineering, leaked API responses, or by creating their own account and observing UUID patterns in legitimate requests. Using a simple curl command or automated script, the attacker iterates through potential flow_id and file_name combinations, sending unauthenticated GET requests to the /api/v1/files/images/ endpoint to download image files belonging to other users or organizations. … |
| Remediation | Organizations running Langflow should immediately consult the GitHub security advisory at https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5 for the patched version and upgrade guidance. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Langflow instances in your environment and document which contain sensitive image data; assess whether multi-tenant or cross-user data sharing occurs. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today