{"data":{"id":"aadae2dd-557a-4880-895d-7265c9e755a2","title":"GHSA-8c4j-f57c-35cf: Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check","summary":"Langflow had a vulnerability in which the check that a user owned a flow was not applied when authentication was enabled, allowing any authenticated user to read, modify, or delete flows belonging to other users, including stealing embedded API keys. The fix removes the conditional logic and always checks that the requesting user owns the flow before allowing any operation.","solution":"The fix (PR #8956) removes the AUTO_LOGIN conditional and unconditionally scopes all flow queries to the requesting user by adding `.where(Flow.user_id == user_id)` to the database query. This single change covers all three vulnerable operations (read, update, delete) since they all route through the same `_read_flow` helper. A regression test called `test_read_flows_user_isolation` was added.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-8c4j-f57c-35cf","publishedAt":"2026-03-27T19:36:23.000Z","cveId":"CVE-2026-34046","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["langflow-base@<= 0.5.0 (fixed: 0.5.1)","langflow@<= 1.5.0 (fixed: 1.5.1)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-27T19:36:23.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}