CRITICAL 9.9

PYSEC-2026-221

상세

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / langflow

최초 영향 버전: 0 수정 버전: 1.9.2

수정 pip install --upgrade 'langflow>=1.9.2'

참고

https://github.com/langflow-ai/langflow/pull/12832 [FIX]
https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2 [EVIDENCE]