MEDIUM 6.1

PYSEC-2026-222

Details

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / langflow

Introduced in: 0 Fixed in: 1.7.0

Fix pip install --upgrade 'langflow>=1.7.0'

References

https://github.com/langflow-ai/langflow/pull/10528 [REPORT]
https://github.com/langflow-ai/langflow/pull/10527 [FIX]
https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276 [FIX]