Impact
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to release 1.9.1, its /api/v1/responses endpoint contains an IDOR flaw that allows an authenticated attacker to specify another user's flow ID and trigger its execution. This vulnerability is fixed in version 1.9.1.
Affected Systems
The vulnerable product is Langflow by langflow‑ai. Versions prior to 1.9.1 are affected. The specific endpoint responsible for the flaw is /api/v1/responses.
Risk and Exploitability
With a CVSS score of 8.4, this vulnerability is considered high severity. The EPSS Score of < 1% indicates a low likelihood of exploitation, yet the vulnerability is listed in the CISA KEV catalog, underscoring its significance. The attack surface requires only authenticated access; an attacker can maliciously specify another user’s flow ID to trigger its execution, based on the description, it is inferred that missing authorization checks allow direct control over another user’s workflow.
OpenCVE Enrichment
Github GHSA