CVE-2026-33484
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
### Summary

The `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known `flow_id` and `file_name` returns the image with HTTP 200.

### Details

`src/backend/base/langflow/api/v1/files.py:138-164` - `download_image` takes `flow_id: UUID` as a bare path parameter with no `Depends(get_flow)` or `CurrentActiveUser`. All other file routes (`download_file`, `upload_file`, `list_files`, `delete_file`) use `Depends(get_flow)`, which enforces both authentication and ownership. There is no global auth middleware on `/api/v1`; protection is per-endpoint only.

### PoC

```
curl -v "http://localhost:7860/api/v1/files/images/<flow_uuid>/<filename.png>"
# Returns HTTP 200 with image bytes, no auth header required
```

### Impact

Unauthenticated cross-tenant data leak. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials.
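As an added illustration, not Langflow's code: a stand-in model of the route shape the advisory describes, showing the unguarded handler beside the same handler routed through a `get_flow`-style guard, so the per-endpoint nature of the protection is visible. The `User`, `Flow` and `HTTPException` classes, the in-memory `FLOWS` store, the `status_of` helper and the 401/404 status choices are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from uuid import UUID, uuid4

@dataclass(frozen=True)
class User:
    id: int
@dataclass
class Flow:
    id: UUID
    owner_id: int
    images: Dict[str, bytes]  # file_name -> uploaded bytes

class HTTPException(Exception):  # stand-in for FastAPI's HTTPException (assumption)
    def __init__(self, status_code: int):
        super().__init__(status_code)
        self.status_code = status_code

# Constructed in-memory data: tenant 1 owns one flow holding one uploaded image.
OWNER = User(id=1)
FLOW = Flow(id=uuid4(), owner_id=OWNER.id, images={"secret.png": b"\x89PNG fake"})
FLOWS: Dict[UUID, Flow] = {FLOW.id: FLOW}

def get_flow(flow_id: UUID, current_user: Optional[User]) -> Flow:
    """Role of the Depends(get_flow) guard on the other file routes:
    require an authenticated user, then require that they own the flow."""
    if current_user is None:
        raise HTTPException(401)
    flow = FLOWS.get(flow_id)
    if flow is None or flow.owner_id != current_user.id:
        raise HTTPException(404)  # assumption: do not confirm another tenant's flow exists
    return flow

def download_image_vulnerable(flow_id: UUID, file_name: str) -> bytes:
    """Bare path parameters, no user dependency: whoever knows the IDs gets the bytes."""
    return FLOWS[flow_id].images[file_name]

def download_image_fixed(flow_id: UUID, file_name: str, current_user: Optional[User]) -> bytes:
    """Same route, resolved through the guard like download_file and the other file routes."""
    flow = get_flow(flow_id, current_user)
    return flow.images[file_name]

def status_of(handler: Callable[..., bytes], *args) -> int:
    """HTTP status the handler would answer with (200 when it returns bytes)."""
    try:
        handler(*args)
        return 200
    except HTTPException as exc:
        return exc.status_code
```

Only `download_image_fixed` refuses an anonymous or non-owner caller; the vulnerable form answers 200 to anyone holding the two path values, which is the condition the PoC above exercises.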
Analysis
The Langflow Python package contains an authentication bypass vulnerability in its image file download endpoint that allows unauthenticated attackers to access image files uploaded by any user. Langflow, a visual framework for building AI applications, fails to enforce authentication and ownership checks on the /api/v1/files/images/{flow_id}/{file_name} endpoint, while all other file operation endpoints properly implement these security controls. …
Remediation
Within 24 hours: Identify all Langflow instances in your environment and document which contain sensitive image data; assess whether multi-tenant or cross-user data sharing occurs. Within 7 days: Implement network-level access controls restricting the /api/v1/files/images endpoint to authenticated users only; deploy WAF rules to require valid authentication tokens; consider disabling the image download feature if not business-critical. …
External POC / Exploit Code
GHSA-7grx-3xcx-2xv5