Session Management Flaw in Langflow AI Tool
CVE-2026-55423

6.1 MEDIUM

Key Information:

CVE Published: 23 June 2026

What is CVE-2026-55423?

Langflow, a tool for creating and deploying AI-driven agents and workflows, contains a session management issue in versions prior to 1.7.0. The logout button did not function correctly, so users remained logged in after attempting to log out. This posed a risk of unauthorized access when multiple users shared the same system. The flaw underlines the importance of handling user sessions properly, particularly in environments where multiple users may need to access the application. The vulnerability is addressed in version 1.7.0, where the logout functionality has been corrected to ensure sessions are cleared appropriately.

Affected Version(s)

langflow < 1.7.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
