PT-2025-52496 · Langflow · Langflow

Im-Soohyun

·

Published

2025-12-19

·

Updated

2025-12-23

·

CVE-2025-68477

CVSS v3.1

7.7

High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.7.0

Description: Langflow is a tool for building and deploying AI-powered agents and workflows. The API Request component allows issuing arbitrary HTTP requests within a flow. Prior to version 1.7.0, the component performs only limited validation of user-supplied URLs and fails to block access to private IP ranges (127[.]0[.]0[.]1, the 10/172/192 ranges) or cloud metadata endpoints (169[.]254[.]169[.]254). This allows non-blind Server-Side Request Forgery (SSRF) via the flow execution endpoints '/api/v1/run' and '/api/v1/run/advanced', which can be accessed with an API key. An attacker controlling the API Request URL can reach internal resources, including administrative endpoints, metadata services, and internal databases, potentially leading to information disclosure and further attacks. The vulnerable component takes a user-supplied URL (url) and sends the request using an httpx client.

Recommendations: Versions prior to 1.7.0 should be updated to version 1.7.0 or later.
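The description above boils down to a missing destination check before the user-supplied URL reaches the httpx client. The following is an added example of such a check, not Langflow's own code or its 1.7.0 patch; it resolves the host and rejects loopback, RFC 1918, link-local (which covers 169.254.169.254) and other non-public addresses, and the function names and the injectable `resolver` are assumptions made for offline testing.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Added example, not Langflow's own code or patch: the kind of destination
# check a flow component should run before handing a user-supplied URL to an
# httpx client.  Function names are illustrative assumptions.

ALLOWED_SCHEMES = {"http", "https"}


def is_forbidden_address(ip) -> bool:
    """Reject anything not globally routable: loopback, RFC 1918 / ULA,
    link-local (which covers 169.254.169.254), multicast, reserved, etc."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:127.0.0.1 must fail like 127.0.0.1
    return (not ip.is_global) or ip.is_multicast or ip.is_reserved


def validate_outbound_url(url: str, resolver=socket.getaddrinfo) -> str:
    """Return `url` if every address it resolves to is public, else raise.

    `resolver` has the getaddrinfo signature and is injectable so the
    check can be exercised offline with a stub instead of real DNS.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        addresses = [ipaddress.ip_address(host)]      # literal IP, no lookup
    except ValueError:                                # hostname: resolve it
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
        addresses = [ipaddress.ip_address(info[4][0])
                     for info in resolver(host, port, proto=socket.IPPROTO_TCP)]
    for ip in addresses:
        if is_forbidden_address(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return url


def check(url: str, resolver=socket.getaddrinfo) -> str:
    """Convenience wrapper returning 'allowed' or 'blocked: <reason>'."""
    try:
        validate_outbound_url(url, resolver)
        return "allowed"
    except ValueError as exc:
        return f"blocked: {exc}"
```

A resolve-then-check guard still leaves a window for DNS rebinding, because httpx resolves the name again when it connects; pinning the validated address at connection time and re-validating any redirect target closes that gap.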

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-68477
GHSA-5993-7P27-66G5

Affected Products

Langflow