Langflow – Missing Authorization on download_image Endpoint_CVE-2026-5022

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.

Basic Information

ID CVE-2026-5022

Source tenable

Published Mar 27, 2026 at 14:34

Modified Mar 27, 2026 at 15:10

Affected Product

Vendor langflow-ai

Product langflow

Affected Versions langflow-ai langflow 0

CWE Classification

CWE-862

References

www.tenable.com /security/research/tra-2026-23

{
    "lastseen": "",
    "description": "The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.",
    "published": "2026-03-27T14:34:14.046Z",
    "modified": "2026-03-27T15:10:20.925Z",
    "type": "cve",
    "title": "Langflow - Missing Authorization on download_image Endpoint",
    "source": "tenable",
    "references": "https://www.tenable.com/security/research/tra-2026-23",
    "id": "CVE-2026-5022",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "langflow-ai langflow 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "langflow",
    "version": "0",
    "vendor": "langflow-ai",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}