CVE-2026-55423
6.1
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| langflow-ai | langflow | < 1.7.0 | affected |
Weaknesses
- CWE-613: CWE-613: Insufficient Session Expiration
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276
- https://github.com/langflow-ai/langflow/pull/10527
- https://github.com/langflow-ai/langflow/pull/10528
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.