Arbitrary File Read Vulnerability in Langflow by Langflow AI
CVE-2026-48520

6.1 MEDIUM

Key Information:

CVE Published: 23 June 2026

What is CVE-2026-48520?

Langflow, a tool for creating and deploying AI-powered agents, has an arbitrary file read vulnerability in its 'Shareable Playground' feature in versions prior to 1.10.0. The feature enables public execution of shared flows. When a flow is set to public, a request can specify file paths that Langflow then reads, which allows unauthorized access to files and can expose sensitive information. The issue affects both local file system paths and supported S3 paths, and can pose significant risk depending on the flow's configuration. It has been addressed in version 1.10.0.

Affected Version(s)

langflow < 1.10.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
