{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33053", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T18:10:50.212Z", "datePublished": "2026-03-20T06:53:48.471Z", "dateUpdated": "2026-03-20T18:07:41.668Z"}, "containers": {"cna": {"title": "Langflow has Missing Ownership Verification in API Key Deletion (IDOR)", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:L", "version": "4.0"}}], "references": [{"name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w"}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"version": "< 1.9.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T06:53:48.471Z"}, "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion."}], "source": {"advisory": "GHSA-rf6x-r45m-xv3w", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T16:22:42.438638Z", "id": "CVE-2026-33053", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T18:07:41.668Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T16:22:42.438638Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T16:22:47.808Z"}}], "cna": {"title": "Langflow has Missing Ownership Verification in API Key Deletion (IDOR)", "source": {"advisory": "GHSA-rf6x-r45m-xv3w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:L", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"status": "affected", "version": "< 1.9.0"}]}], "references": [{"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w", "name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T06:53:48.471Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33053", "state": "PUBLISHED", "dateUpdated": "2026-03-20T18:07:41.668Z", "dateReserved": "2026-03-17T18:10:50.212Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T06:53:48.471Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "D51A889E-5C89-4A92-B32B-C91EAF735430", "versionEndExcluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion."}, {"lang": "es", "value": "Langflow es una herramienta para construir y desplegar agentes y flujos de trabajo impulsados por IA. En versiones anteriores a la 1.9.0, el endpoint delete_api_key_route() acepta un par\u00e1metro de ruta api_key_id y lo elimina con solo una verificaci\u00f3n de autenticaci\u00f3n gen\u00e9rica (dependencia get_current_active_user). Sin embargo, la funci\u00f3n CRUD delete_api_key() NO verifica que la clave API pertenezca al usuario actual antes de la eliminaci\u00f3n."}], "id": "CVE-2026-33053", "lastModified": "2026-03-20T19:39:11.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T07:16:13.160", "references": [{"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.9.0)"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "langflow", "source": "cna", "vendor": "langflow-ai"}, "product": "langflow", "vendor": "langflow"}], "analysis": {"en": {"generated_at": "2026-03-20T09:53:26.209308+00:00", "value": {"mitigation_remediation": ["Upgrade to Langflow version\u202f1.9.0 or newer, which implements proper ownership verification for API key deletion."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Deletion of API Keys"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the langflow\u2011ai:langflow product in all releases prior to version\u202f1.9.0; any installation of the product before this update is considered vulnerable.", "description_and_impact": "Langflow\u2019s delete_api_key_route() endpoint accepts a path parameter for the API key identifier and performs only a generic authentication check; it does not verify that the key belongs to the authenticated user. This flaw is an Insecure Direct Object Reference (CWE\u2011639) that allows an authenticated attacker to delete another user\u2019s API key, potentially disrupting access to AI agents and workflows without exposing additional privileges or code execution.", "risk_and_exploitability": "The CVSS score of 6.1 indicates a moderate severity vulnerability. No EPSS score is available and it is not listed in the CISA KEV catalog. Exploitation requires the attacker to be an authenticated user; by providing the key identifier of another user, the attacker can trigger deletion. The impact is limited to loss of that key and disruption of associated services, with no known lateral movement or code execution capabilities."}}}}, "created": "2026-03-20T08:52:17.930479+00:00", "updated": "2026-03-20T10:36:59.122942+00:00", "vendors": ["langflow", "langflow$PRODUCT$langflow"]}