CVE-2026-33053
Published: 20 March 2026
Summary
CVE-2026-33053 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Langflow (vendor: Langflow). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Account Access Removal (T1531). It ranks at the 7.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-3 enforces approved authorizations for access to system resources, directly mitigating the missing ownership verification in the delete_api_key() function that allows deletion of arbitrary API keys.
AC-6 implements least privilege, restricting authenticated users to deleting only their own API keys and preventing unauthorized deletions of others' keys.
IA-5 manages authenticators such as API keys throughout their lifecycle, including procedures to ensure only owners can revoke or delete them.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authorization bypass in delete_api_key endpoint directly enables unauthorized deletion of arbitrary user API keys, matching the Account Access Removal technique by disrupting authenticated access to workflows.
NVD Description
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion.
Deeper analysis
CVE-2026-33053 is an authorization bypass vulnerability (CWE-639) in Langflow, an open-source tool for building and deploying AI-powered agents and workflows. It affects versions prior to 1.9.0 and was published on 2026-03-20. The issue lies in the delete_api_key_route() endpoint, which accepts an api_key_id path parameter and deletes the specified API key after only a generic authentication check via the get_current_active_user dependency. However, the delete_api_key() CRUD function does not verify that the API key belongs to the current user, allowing deletion of arbitrary API keys. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A low-privileged authenticated attacker can exploit this over the network with low attack complexity and no user interaction. By providing the api_key_id of any target API key, the attacker bypasses ownership checks and deletes it, potentially disrupting other users' access to Langflow workflows and achieving high impacts on confidentiality, integrity, and availability.
The GitHub security advisory (GHSA-rf6x-r45m-xv3w) at https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w addresses this issue, with mitigation achieved by upgrading to Langflow 1.9.0 or later, where proper ownership verification is enforced in the delete_api_key() function.
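The missing ownership check described above, as an added example that is not Langflow's own code: a minimal in-memory model of the CWE-639 delete pattern next to an owner-scoped version, so the difference in behaviour can be run and checked. The store, key fields and function names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed in-memory stand-in for an API-key table; Langflow's real storage
# layer is not reproduced here, and all identifiers below are hypothetical.
@dataclass
class ApiKey:
    id: str
    user_id: str
    name: str

@dataclass
class KeyStore:
    keys: dict = field(default_factory=dict)

    def add(self, key: ApiKey) -> None:
        self.keys[key.id] = key

class NotFound(Exception):
    """Raised when no key matches the requested (id, owner) scope."""

def delete_api_key_vulnerable(store: KeyStore, api_key_id: str, current_user_id: str) -> None:
    # CWE-639 pattern: the row is selected by the user-controlled id alone.
    # current_user_id is never consulted, so any authenticated user can
    # delete any key whose id they supply.
    if api_key_id not in store.keys:
        raise NotFound(api_key_id)
    del store.keys[api_key_id]

def delete_api_key_fixed(store: KeyStore, api_key_id: str, current_user_id: str) -> None:
    # Hardened form: ownership is part of the lookup rather than a separate
    # check bolted on afterwards. A key owned by someone else is reported as
    # "not found", which also avoids confirming that the id exists.
    key = store.keys.get(api_key_id)
    if key is None or key.user_id != current_user_id:
        raise NotFound(api_key_id)
    del store.keys[api_key_id]

def demo() -> tuple:
    """Return (foreign_key_deleted_by_vulnerable, foreign_key_deleted_by_fixed)."""
    results = []
    for fn in (delete_api_key_vulnerable, delete_api_key_fixed):
        store = KeyStore()  # constructed sample data: two users, one key each
        store.add(ApiKey(id="key-alice-1", user_id="alice", name="alice-prod"))
        store.add(ApiKey(id="key-bob-1", user_id="bob", name="bob-prod"))
        try:
            fn(store, "key-alice-1", current_user_id="bob")  # bob names alice's key
        except NotFound:
            pass
        results.append("key-alice-1" not in store.keys)
    return tuple(results)

if __name__ == "__main__":
    print(demo())  # → (True, False)
```

The first value shows the vulnerable function deleting another user's key; the second shows the owner-scoped version refusing while still allowing a user to delete their own key.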
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai