A critical vulnerability (CVE-2026-55450) in Langflow, an open-source platform, allows unauthenticated users to upload unlimited data, which can lead to denial-of-service conditions and information leaks. The CVSS score is 9.3, indicating high severity. The flaw is caused by missing authentication on the endpoint and affects versions prior to 1.9.1. Version 1.9.1 patches the issue by enforcing authentication and limiting upload sizes. A publicly available proof-of-concept makes exploitation easier.
Langflow File Upload Flaw: Details and PoC Exploit Publicly Disclosed (CVE-2026-55450)
Article by CyberSIXT