CVE-2026-21445
Published: 02 January 2026
Summary
CVE-2026-21445 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Langflow Langflow. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-21445 is a critical authentication bypass vulnerability affecting Langflow, an open-source tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints lack proper authentication controls, enabling unauthorized access to sensitive data and operations. This flaw, classified under CWE-306 (Missing Authentication for Critical Function), carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), highlighting its high severity due to network accessibility, low attack complexity, and no required privileges.
Any unauthenticated attacker with network access to a vulnerable Langflow instance can exploit this issue. Successful exploitation allows reading sensitive user conversation data and transaction histories, as well as performing destructive actions such as message deletion on endpoints that handle personal data and system operations. The vulnerability provides high-impact confidentiality and integrity violations without affecting availability.
The Langflow security advisory (GHSA-c5cp-vx83-jhqx) and associated patch commit (3fed9fe1b5658f2c8656dbd73508e113a96e486a) confirm that upgrading to version 1.7.0.dev45 resolves the issue by implementing required authentication controls on the affected endpoints. Security practitioners should prioritize updating instances and reviewing access logs for potential unauthorized activity.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-0034
Vulnerability details
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories,…
more
and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai, langflow
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an authentication bypass in public-facing API endpoints of Langflow, enabling unauthenticated remote exploitation for data access and manipulation, directly mapping to T1190: Exploit Public-Facing Application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the CVE by explicitly defining and restricting permitted actions without identification or authentication on critical API endpoints handling sensitive data and operations.
Enforces approved authorizations for logical access to system resources, ensuring authentication is required before allowing access to sensitive conversation data, transaction histories, or destructive operations.
Requires identification and authentication of organizational users prior to accessing the Langflow APIs, preventing unauthenticated exploitation of endpoints lacking authentication controls.