Langflow IDOR Vulnerability Allows Cross-User Flow Manipulation
Langflow versions 1.5.0 and earlier contain an IDOR vulnerability (CVE-2026-34046) that allows authenticated users to read, modify, and delete flows belonging to other users due to a missing ownership check, potentially exposing sensitive information and enabling unauthorized control over AI agent logic.
Langflow, a platform for building AI agents, suffered from an Insecure Direct Object Reference (IDOR) vulnerability affecting versions 1.5.0 and earlier. This flaw, identified as CVE-2026-34046, resided in the _read_flow helper function within the src/backend/base/langflow/api/v1/flows.py file. The vulnerability arose from a conditional check related to the AUTO_LOGIN setting, which inadvertently bypassed ownership validation when authentication was enabled. As a result, any authenticated…
Detection coverage (2 rules)
Detect Langflow Unauthorized Flow Access
Severity: high. Detects attempts to access Langflow flows using a flow_id that does not belong to the current user, based on HTTP 403 status codes. This suggests a potential IDOR exploitation attempt.
Detect Langflow Flow Modification by Unauthorized User
Severity: high. Detects attempts to modify Langflow flows by users who do not own the flow, based on PATCH requests to the /api/v1/flow/ endpoint combined with a 403 status code, indicative of IDOR exploitation.
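As an added example (not code from Langflow or from the detection platform), the two rules above expressed in Python over constructed access-log lines; the log field order, the user names and flow ids, and matching the plural /api/v1/flows/ path alongside the /api/v1/flow/ endpoint named in the rule are assumptions.

```python
import re
from collections import Counter

# Constructed sample of reverse-proxy access-log lines in front of Langflow
# (not real traffic). Assumed field order: client_ip user method path status.
SAMPLE_LOG = """\
10.0.0.5 alice GET /api/v1/flows/3f2a-alice 200
10.0.0.5 alice GET /api/v1/flows/9c1d-bob 403
10.0.0.5 alice PATCH /api/v1/flows/9c1d-bob 403
10.0.0.9 bob GET /api/v1/flows/9c1d-bob 200
10.0.0.7 mallory PATCH /api/v1/flow/3f2a-alice 403
10.0.0.7 mallory DELETE /api/v1/flow/3f2a-alice 403
10.0.0.7 mallory GET /api/v1/flows/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<path>\S+)\s+(?P<status>\d{3})$"
)
# Matches the /api/v1/flow/ endpoint named in the rule and its plural form
# (assumed); the trailing segment is the flow_id the request targets.
FLOW_RE = re.compile(r"^/api/v1/flows?/(?P<flow_id>[^/?\s]+)")

def parse(line):
    """Parse one line into a dict, or None if it is not a flow_id request."""
    m = LINE_RE.match(line.strip())
    f = FLOW_RE.match(m["path"]) if m else None
    if not f:
        return None
    return {"user": m["user"], "method": m["method"],
            "flow_id": f["flow_id"], "status": int(m["status"])}

def rules_for(req):
    """Names of the detection rules a parsed flow request triggers.

    A 403 means the server's ownership check rejected the request, so these
    rules surface cross-user probing rather than a successful read.
    """
    if req["status"] != 403:
        return []
    hits = ["Detect Langflow Unauthorized Flow Access"]
    if req["method"] == "PATCH":
        hits.append("Detect Langflow Flow Modification by Unauthorized User")
    return hits

def detect(log_text):
    """Return (alerts, number of denied flow_id requests per user)."""
    alerts, per_user = [], Counter()
    for line in log_text.splitlines():
        req = parse(line)
        if req is None:
            continue
        for rule in rules_for(req):
            alerts.append({"rule": rule, **req})
        if req["status"] == 403:
            per_user[req["user"]] += 1
    return alerts, per_user
```

Running detect(SAMPLE_LOG) yields six alerts (alice and mallory each trip the access rule twice and the modification rule once) and a per-user count that makes repeat offenders easy to rank.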