{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-55423", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-06-16T21:48:43.126Z", "datePublished": "2026-06-23T16:27:19.134Z", "dateUpdated": "2026-06-23T17:07:10.031Z"}, "containers": {"cna": {"title": "Langflow: Logout button does not clear session", "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "lang": "en", "description": "CWE-613: Insufficient Session Expiration", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276"}, {"name": "https://github.com/langflow-ai/langflow/pull/10527", "tags": ["x_refsource_MISC"], "url": "https://github.com/langflow-ai/langflow/pull/10527"}, {"name": "https://github.com/langflow-ai/langflow/pull/10528", "tags": ["x_refsource_MISC"], "url": "https://github.com/langflow-ai/langflow/pull/10528"}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"version": "< 1.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-23T16:27:19.134Z"}, "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0."}], "source": {"advisory": "GHSA-7hw8-6q6r-4276", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-23T17:06:31.440801Z", "id": "CVE-2026-55423", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T17:07:10.031Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-55423", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-06-16T21:48:43.126Z", "datePublished": "2026-06-23T16:27:19.134Z", "dateUpdated": "2026-06-23T17:07:10.031Z"}, "containers": {"cna": {"title": "Langflow: Logout button does not clear session", "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "lang": "en", "description": "CWE-613: Insufficient Session Expiration", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276"}, {"name": "https://github.com/langflow-ai/langflow/pull/10527", "tags": ["x_refsource_MISC"], "url": "https://github.com/langflow-ai/langflow/pull/10527"}, {"name": "https://github.com/langflow-ai/langflow/pull/10528", "tags": ["x_refsource_MISC"], "url": "https://github.com/langflow-ai/langflow/pull/10528"}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"version": "< 1.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-23T16:27:19.134Z"}, "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0."}], "source": {"advisory": "GHSA-7hw8-6q6r-4276", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-55423", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-23T17:06:31.440801Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T17:06:25.312Z"}}]}}

{}

{}

{}