Tag
Langflow versions 1.0.0 through 1.8.1 are vulnerable to an unauthenticated image retrieval vulnerability (CVE-2026-33484) that allows attackers to download any user's uploaded images without credentials in multi-tenant deployments by accessing the `/api/v1/files/images/{flow_id}/{file_name}` endpoint.