CVE-2026-48520
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
In Langflow before version 1.10.0, the 'Shareable Playground' ('Public Flows') feature allowed public execution of flows. The execution request could contain a list of files read by Langflow and fed into the LLM, enabling arbitrary file reads from local or S3 paths depending on configuration.
Risk Assessment
An attacker can read sensitive files from the server or S3 storage, leading to exposure of confidential organizational data.
Recommendation
Immediately upgrade Langflow to version 1.10.0 or later. Until upgraded, disable the public flows feature.
Original NVD description (English source)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of the flow is allowed. The execution request can contain a list of files that gets read by Langflow and fed into the LLM. The files path can be any path supported by the storage - it can be either a local file or S3 path if supported by the local configuration This vulnerability is fixed in 1.10.0.

