CVE-2026-33760
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
Langflow before version 1.9.0 contains an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints allow reading, modifying, renaming, or permanently deleting other users' data (messages, sessions, build artifacts, LLM transaction logs) without verifying resource ownership. An attacker only needs to supply the target's resource ID or flow_id.
Risk Assessment
An authenticated attacker can gain unauthorized access to sensitive data of other users, modify it, or permanently delete it, leading to a breach of data confidentiality, integrity, and availability within the organization.
Recommendation
Immediately update Langflow to version 1.9.0 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated user can read, modify, rename, or permanently delete another user's data by supplying the target's resource ID or flow_id. This is a classic IDOR/BOLA vulnerability. Notably, the same source file (monitor.py) contains one correctly-implemented endpoint that uses an ownership check, demonstrating the correct pattern was known but inconsistently applied. This vulnerability is fixed in 1.9.0.

