CVE Catalog

CVE-2026-33760

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

Langflow before version 1.9.0 contains an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints allow reading, modifying, renaming, or permanently deleting other users' data (messages, sessions, build artifacts, LLM transaction logs) without verifying resource ownership. An attacker only needs to supply the target's resource ID or flow_id.

Risk Assessment

An authenticated attacker can gain unauthorized access to sensitive data of other users, modify it, or permanently delete it, leading to a breach of data confidentiality, integrity, and availability within the organization.

Recommendation

Immediately update Langflow to version 1.9.0 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated user can read, modify, rename, or permanently delete another user's data by supplying the target's resource ID or flow_id. This is a classic IDOR/BOLA vulnerability. Notably, the same source file (monitor.py) contains one correctly-implemented endpoint that uses an ownership check, demonstrating the correct pattern was known but inconsistently applied. This vulnerability is fixed in 1.9.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS