Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. This vulnerability is fixed in 1.0.19.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| langflow-ai | langflow | affected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-qwqc-p3q8-wcg9 | Langflow: Unauthenticated DoS through multipart form boundary file upload |
References
History
Tue, 23 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. This vulnerability is fixed in 1.0.19. | |
| Title | Langflow: Unauthenticated DoS through multipart form boundary file upload | |
| Weaknesses | CWE-400 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-23T16:26:17.990Z
Reserved: 2026-06-16T21:59:57.018Z
Link: CVE-2026-55446
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-400
Uncontrolled Resource Consumption