CVE-2026-33497
EUVD-2026-1487724.03.2026, 14:16
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| langflow | langflow | 𝑥 < 1.7.1 |
𝑥
= Vulnerable software versions