CVE-2026-55423

MEDIUM EPSS 4.7%
Published Jun 23, 2026 (6d ago) · Modified Jun 24, 2026 (5d ago)
6.1 CVSS 3.1

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0.

CVSS Details

Base Score: 6.1
Exploitability: 0.9
Impact: 5.2
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability
4.7% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-613

Affected Products 1

Vendor   | Product  | Version | Range
langflow | langflow | *       | <1.7.0

References 3

  • github.com https://github.com/langflow-ai/langflow/pull/10527
    Issue Tracking, Patch
  • github.com https://github.com/langflow-ai/langflow/pull/10528
    Issue Tracking, Exploit
  • github.com https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276
    Vendor Advisory, Exploit, Patch

Remediation

  • github.com https://github.com/langflow-ai/langflow/pull/10527
    Issue Tracking, Patch
  • github.com https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276
    Vendor Advisory, Exploit, Patch