CVE-2026-34046

CVE-2026-34046 is a high-severity missing authorization vulnerability in langflow (pip), affecting versions <= 1.5.0. It is fixed in langflow 1.5.1 and langflow-base 0.5.1.

Summary

Vulnerability

IDOR in GET/PATCH/DELETE /api/v1/flow/{flow_id}

The _read_flow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTO_LOGIN setting to decide whether to filter by user_id. When AUTO_LOGIN was False (i.e., authentication was enabled), no ownership check was enforced: the query returned any flow matching the given UUID regardless of who owned it.

This allowed any authenticated user to:

  • Read any other user's flow, including embedded plaintext API keys
  • Modify the logic of another user's AI agents
  • Delete flows belonging to other users

The vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with user_id = NULL) under auto-login mode, but inadvertently left the authenticated path without an ownership filter.

Fix (PR #8956)

The fix removes the AUTO_LOGIN conditional entirely and unconditionally scopes the query to the requesting user:

-    auth_settings = settings_service.auth_settings
-    stmt = select(Flow).where(Flow.id == flow_id)
-    if auth_settings.AUTO_LOGIN:
-        stmt = stmt.where(
-            (Flow.user_id == user_id) | (Flow.user_id == None)  # noqa: E711
-        )
+    stmt = select(Flow).where(Flow.id == flow_id).where(Flow.user_id == user_id)
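Review bot: the replacement `stmt = select(Flow).where(Flow.id == flow_id).where(Flow.user_id == user_id)` drops the `(Flow.user_id == None)` alternative together with the AUTO_LOGIN branch, so flows with a NULL owner (the public/example flows the old branch existed for) no longer resolve through `_read_flow` for anyone, auto-login mode included. That is the safe direction, but it is a behaviour change beyond closing the IDOR: either confirm those flows are served by a separate read-only path, or document next to the new isolation test that they are intentionally not found here. Also check whether `settings_service` is still used in this function now that `auth_settings` is gone, and drop it if not.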

All three operations (read, update, and delete) route through _read_flow, so the single change covers the full attack surface. A cross-user isolation test (test_read_flows_user_isolation) was added to prevent regression.
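To make the bug and its fix concrete, here is an added example (not langflow's own code) that models the pre-fix and post-fix query shapes over an in-memory sqlite3 table with constructed sample rows, plus an ownership-isolation check in the spirit of the regression test mentioned above:

```python
import sqlite3
from typing import Callable, Optional

# Constructed sample data: two users' flows plus one public/example flow (user_id NULL).
FLOWS = [
    ("flow-alice", "alice", '{"api_key": "sk-alice-constructed"}'),
    ("flow-bob", "bob", '{"api_key": "sk-bob-constructed"}'),
    ("flow-public", None, '{"example": true}'),
]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the Flow table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE flow (id TEXT PRIMARY KEY, user_id TEXT, data TEXT)")
    conn.executemany("INSERT INTO flow VALUES (?, ?, ?)", FLOWS)
    return conn


def read_flow_vulnerable(conn, flow_id: str, user_id: str, auto_login: bool) -> Optional[tuple]:
    """Models the pre-fix _read_flow: the owner filter exists only on the AUTO_LOGIN branch."""
    sql = "SELECT id, user_id, data FROM flow WHERE id = ?"
    params = [flow_id]
    if auto_login:
        # Only this branch scopes the query; NULL-owner rows are the public/example flows.
        sql += " AND (user_id = ? OR user_id IS NULL)"
        params.append(user_id)
    # With auto_login False no ownership predicate is added at all: the IDOR.
    return conn.execute(sql, params).fetchone()


def read_flow_fixed(conn, flow_id: str, user_id: str) -> Optional[tuple]:
    """Models the PR #8956 query: always scoped to the requesting user, no AUTO_LOGIN branch.
    NULL-owner rows never satisfy user_id = ?, so public flows are not returned here either."""
    sql = "SELECT id, user_id, data FROM flow WHERE id = ? AND user_id = ?"
    return conn.execute(sql, (flow_id, user_id)).fetchone()


def cross_user_isolation_holds(reader: Callable) -> bool:
    """Regression check in the spirit of test_read_flows_user_isolation:
    a user must see their own flow and must never see another user's flow."""
    conn = make_db()
    own = reader(conn, "flow-alice", "alice")
    foreign = reader(conn, "flow-bob", "alice")
    return own is not None and foreign is None
```

Run `cross_user_isolation_holds` against both readers: it passes for the fixed query, and for the vulnerable one only when auto_login is True, which is exactly the gap the advisory describes.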

Acknowledgements

Langflow thanks the security researcher who responsibly disclosed this vulnerability:

Impact

The application does not perform an authorization check before performing a sensitive operation. Typical impact: unauthorized access to restricted functionality or data.

Affected versions

  • langflow (<= 1.5.0)
  • langflow-base (<= 0.5.0)

Security releases

  • langflow → 1.5.1 (pip)
  • langflow-base → 0.5.1 (pip)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.


Remediation advice

Upgrade the following packages to resolve this vulnerability:

  • langflow to 1.5.1 or later
  • langflow-base to 0.5.1 or later

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently Asked Questions

  1. What is CVE-2026-34046? CVE-2026-34046 is a high-severity missing authorization vulnerability in langflow (pip), affecting versions <= 1.5.0. It is fixed in langflow 1.5.1 and langflow-base 0.5.1. The application does not perform an authorization check before performing a sensitive operation.
  2. Which packages are affected by CVE-2026-34046?
    • langflow (pip) (versions <= 1.5.0)
    • langflow-base (pip) (versions <= 0.5.0)
  3. Is there a fix for CVE-2026-34046? Yes. CVE-2026-34046 is fixed in langflow 1.5.1 and langflow-base 0.5.1. Upgrade to these versions or later.
  4. Is CVE-2026-34046 exploitable, and should I be worried? Whether CVE-2026-34046 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  5. What actually determines whether CVE-2026-34046 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  6. How do I fix CVE-2026-34046?
    • Upgrade langflow to 1.5.1 or later
    • Upgrade langflow-base to 0.5.1 or later

