Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. This vulnerability is fixed in 1.0.19.
Metrics
Affected Vendors & Products
References
History
Wed, 24 Jun 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Langflow
Langflow langflow |
|
| Vendors & Products |
Langflow
Langflow langflow |
Tue, 23 Jun 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 23 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. This vulnerability is fixed in 1.0.19. | |
| Title | Langflow: Unauthenticated DoS through multipart form boundary file upload | |
| Weaknesses | CWE-400 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-23T16:26:17.990Z
Updated: 2026-06-23T17:56:37.766Z
Reserved: 2026-06-16T21:59:57.018Z
Link: CVE-2026-55446
Updated: 2026-06-23T17:56:26.114Z
No data.
No data.