CVE-2025-68477: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides
Summary
Langflow, a tool for building AI-powered agents and workflows, has a vulnerability in versions before 1.7.0 where its API Request component can make arbitrary HTTP requests to internal network addresses. An attacker with an API key could exploit this SSRF (server-side request forgery, where a server is tricked into making requests to unintended targets) to access sensitive internal resources like databases and metadata services, potentially stealing information or preparing further attacks.
Solution / Mitigation
Update to version 1.7.0 or later, which contains a patch for this issue.
Vulnerability Details
7.7 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-68477
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 95%