CVE-2024-9277: A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unkno
Summary
Langflow up to version 1.0.18 contains a vulnerability in its HTTP POST Request Handler that causes inefficient regular expression complexity (ReDoS, a type of denial-of-service attack where maliciously crafted input makes pattern-matching code run very slowly) when processing the 'remaining_text' argument. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.1 (medium severity) and has been publicly disclosed, though the vendor did not respond to early notification.
Vulnerability Details
3.5(low)
EPSS: 0.2%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-9277
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 85%