Cyber Resilience

CVE-2026-21445

HighPublic PoC

Published: 02 January 2026

Published
02 January 2026
Modified
16 January 2026
KEV Added
Patch
CVSS Score v4 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.2066 97.2th percentile
Risk Priority 60 floored blend · peak EPSS

Summary

CVE-2026-21445 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Langflow Langflow. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-21445 is a critical authentication bypass vulnerability affecting Langflow, an open-source tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints lack proper authentication controls, enabling unauthorized access to sensitive data and operations. This flaw, classified under CWE-306 (Missing Authentication for Critical Function), carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), highlighting its high severity due to network accessibility, low attack complexity, and no required privileges.

Any unauthenticated attacker with network access to a vulnerable Langflow instance can exploit this issue. Successful exploitation allows reading sensitive user conversation data and transaction histories, as well as performing destructive actions such as message deletion on endpoints that handle personal data and system operations. The vulnerability provides high-impact confidentiality and integrity violations without affecting availability.

The Langflow security advisory (GHSA-c5cp-vx83-jhqx) and associated patch commit (3fed9fe1b5658f2c8656dbd73508e113a96e486a) confirm that upgrading to version 1.7.0.dev45 resolves the issue by implementing required authentication controls on the affected endpoints. Security practitioners should prioritize updating instances and reviewing access logs for potential unauthorized activity.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories,…

more

and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai, langflow

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an authentication bypass in public-facing API endpoints of Langflow, enabling unauthenticated remote exploitation for data access and manipulation, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7524Same product: Langflow Langflow
CVE-2026-33017Same product: Langflow Langflow
CVE-2026-33309Same product: Langflow Langflow
CVE-2026-42048Same product: Langflow Langflow
CVE-2026-0770Same product: Langflow Langflow
CVE-2026-33484Same product: Langflow Langflow
CVE-2026-33873Same product: Langflow Langflow
CVE-2026-27966Same product: Langflow Langflow
CVE-2025-34291Same product: Langflow Langflow
CVE-2026-33497Same product: Langflow Langflow

Affected Assets

langflow
langflow
≤ 1.7.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by explicitly defining and restricting permitted actions without identification or authentication on critical API endpoints handling sensitive data and operations.

prevent

Enforces approved authorizations for logical access to system resources, ensuring authentication is required before allowing access to sensitive conversation data, transaction histories, or destructive operations.

prevent

Requires identification and authentication of organizational users prior to accessing the Langflow APIs, preventing unauthenticated exploitation of endpoints lacking authentication controls.

References