PT-2026-33692 · Langflow Ai · Langflow

Eric-D

Published

2026-04-20

Updated

2026-04-20

CVE-2026-6597

CVSS v2.0

3.3

Low

Vector

AV:N/AC:L/Au:M/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions langflow-ai langflow versions prior to 1.8.4

Description A weakness in the Flow Using API component allows for the unprotected storage of credentials. This issue occurs within the remove api keys/has api terms function located in the 'src/backend/base/langflow/api/utils/core.py' file. The flaw can be triggered remotely.

Recommendations Update to a version newer than 1.8.3. As a temporary workaround, restrict access to the remove api keys/has api terms function to minimize the risk of credential exposure.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-256CWE-255

Related Identifiers

CVE-2026-6597

GHSA-5JJF-WCVF-923W

Affected Products

Langflow

PT-2026-33692 · Langflow Ai · Langflow

CVE-2026-6597

Weakness Enumeration

Related Identifiers

Affected Products

References · 8