ByteOS Network

NVD Vulnerability Details :

CVE-2026-55446

Undergoing Analysis

Source-security-advisories@github.com

Published At-23 Jun, 2026 | 17:17

Updated At-23 Jun, 2026 | 18:18

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. This vulnerability is fixed in 1.0.19.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
			N/A

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: N/A

Version:

Base score:

Base severity: N/A

Vector:

Weaknesses

CWE ID	Type	Source
CWE-400	Secondary	security-advisories@github.com

CWE ID: CWE-400

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/langflow-ai/langflow/pull/3923	security-advisories@github.com	N/A
https://github.com/langflow-ai/langflow/security/advisories/GHSA-qwqc-p3q8-wcg9	security-advisories@github.com	N/A
https://github.com/langflow-ai/langflow/security/advisories/GHSA-qwqc-p3q8-wcg9	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A