Exposures › CVE-2026-33017
Langflow allows unauthenticated public flow creation via code injection, enabling attackers to bypass security controls.
Langflow's code injection vulnerability permits building public flows without authentication, bypassing security controls and exposing sensitive data to unauthorized users. DIB organizations must audit all Langflow integrations and enforce strict access controls to prevent unauthorized access to critical workflows.
Shame score — The vulnerability allows unauthenticated access to critical functionality, representing a significant security control bypass that could lead to data exposure.
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
No correlated FedRAMP products.