Langflow Product Security Update Advisory (CVE-2026-33017)

overview

We have released a security update that addresses a vulnerability in Langflow products. users of affected products are encouraged to update to the latest version.

affected products

CVE-2026-33017

Langflow version: 1.8.1 and earlier

resolved Vulnerabilities

Remote code execution vulnerability on the endpoint (CVE-2026-33017)

vulnerability patches

Vulnerability patches have been made available in the latest update. please follow the instructions on the reference site to update to the latest version of the vulnerability patch.

CVE-2026-33017

Langflow version: 1.9.0 and higher

references

[1] Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx