{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33484", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-20T16:16:48.970Z", "datePublished": "2026-03-24T12:57:33.641Z", "dateUpdated": "2026-03-24T13:37:14.286Z"}, "containers": {"cna": {"title": "Langflow has Unauthenticated IDOR on Image Downloads", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5"}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"version": ">= 1.0.0, < 1.9.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T12:57:33.641Z"}, "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch."}], "source": {"advisory": "GHSA-7grx-3xcx-2xv5", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T13:37:08.715624Z", "id": "CVE-2026-33484", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:37:14.286Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33484", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T13:37:08.715624Z"}}}], "references": [{"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:37:03.579Z"}}], "cna": {"title": "Langflow has Unauthenticated IDOR on Image Downloads", "source": {"advisory": "GHSA-7grx-3xcx-2xv5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"status": "affected", "version": ">= 1.0.0, < 1.9.0"}]}], "references": [{"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5", "name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T12:57:33.641Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33484", "state": "PUBLISHED", "dateUpdated": "2026-03-24T13:37:14.286Z", "dateReserved": "2026-03-20T16:16:48.970Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-24T12:57:33.641Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DFDBBCF-1947-4468-9C94-5CF03650A12D", "versionEndExcluding": "1.9.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch."}], "id": "CVE-2026-33484", "lastModified": "2026-03-24T19:20:13.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-24T14:16:30.607", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-639"}, {"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.9.0)"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "langflow", "source": "cna", "vendor": "langflow-ai"}, "product": "langflow", "vendor": "langflow"}], "analysis": {"en": {"generated_at": "2026-03-24T20:53:18.631651+00:00", "value": {"mitigation_remediation": ["Upgrade Langflow to version 1.9.0 or newer to apply the vendor patch that adds authentication to the image download endpoint.", "If an upgrade cannot be performed immediately, restrict the /api/v1/files/images endpoint so that only authenticated users can access it, for example by requiring an API key or token or by disabling the endpoint for unauthenticated traffic.", "Apply firewall rules or segment the network so that only trusted IP addresses can reach the application, limiting the exposure surface of the vulnerable endpoint.", "Continuously monitor access logs for unauthorized image download attempts and investigate any suspicious activity."], "summary": {"action": "Patch", "impact": "Unauthorized File Disclosure"}, "threat_synthesis": {"affected_systems": "The flaw affects all Langflow releases from 1.0.0 up to 1.8.1, which are provided by langflow\u2011ai. The 1.9.0 release includes a patch that enforces authentication checks on the image download route.", "description_and_impact": "A vulnerability in Langflow allows anyone to download image files from a tenant without providing authentication. The /api/v1/files/images/{flow_id}/{file_name} endpoint serves requested images without verifying the requestor\u2019s identity or whether the image belongs to the attendee. This flaw enables attackers to collect visual data that may contain sensitive content, violating confidentiality and potentially enabling further reconnaissance.", "risk_and_exploitability": "The CVSS score of 7.5 signals a high severity vulnerability. No EPSS data is reported, and the issue is not included in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires only an unauthenticated HTTP GET request once the attacker knows or can guess the flow_id and file_name, which are often exposed through other API outcomes. The low barrier to attack and the potential to expose all tenants\u2019 uploaded images make this flaw a significant risk in a multi\u2011tenant deployment."}}}}, "created": "2026-03-25T11:47:39.185949+00:00", "updated": "2026-03-25T20:50:17.784923+00:00", "vendors": ["langflow", "langflow$PRODUCT$langflow"]}