CVE-2026-33484
Insecure Direct Object Reference in Langflow Image Endpoint
Publication date: 2026-03-24
Last updated on: 2026-03-24
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langflow | langflow | From 1.0.0 (inc) to 1.9.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33484 is an unauthenticated Insecure Direct Object Reference (IDOR) vulnerability in the langflow package versions 1.0.0 through 1.8.1. The vulnerability exists in the endpoint `/api/v1/files/images/{flow_id}/{file_name}`, which serves image files without any authentication or ownership verification.
Any attacker who can guess or obtain a valid `flow_id` (a UUID) and `file_name` can download image files belonging to other users without providing any credentials. UUIDs can be leaked through other API responses, making it easier to exploit.
This issue arises because the vulnerable endpoint does not use authentication dependencies or ownership checks, unlike other file-related endpoints in langflow. There is no global authentication middleware protecting the `/api/v1` route, so protection is only applied on a per-endpoint basis.
The vulnerability is classified under improper access control and authorization bypass weaknesses and was patched in langflow version 1.9.0.
How can this vulnerability impact me?
This vulnerability allows an unauthenticated attacker to access and download image files uploaded by other users in a multi-tenant deployment of langflow.
Because there is no authentication or ownership check on the vulnerable endpoint, attackers can exploit leaked or guessed `flow_id` UUIDs to retrieve sensitive images without any credentials.
The impact is a high confidentiality breach, as attackers can access private user data (images) across tenants, potentially leading to data leakage and privacy violations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the endpoint `/api/v1/files/images/{flow_id}/{file_name}` without authentication and observing if the server returns image files with HTTP 200 status.
To detect it on your system or network, you can try to enumerate or guess valid `flow_id` UUIDs (which may be leaked through other API responses) and then send unauthenticated HTTP GET requests to the endpoint with those IDs and file names.
Example command using curl to test access to an image file without authentication:
`curl -i http://your-langflow-server/api/v1/files/images/<flow_id>/<file_name>`
If the response status is 200 and the image file is returned without any authentication prompt, the vulnerability is present.
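The probe above confirms the condition on a single request; the signal a defender actually wants from logs is the pattern it leaves behind: HTTP 200 responses from the image route with no credentials attached, and a single client walking through many distinct `flow_id` values. The following is an added example, not part of this advisory page and not langflow's own code. It runs over constructed access-log lines in an assumed format; the trailing `auth=` field is an assumed deployment-specific annotation (for example, set by a reverse proxy that records whether a session cookie or API key was present), and the UUID pattern is the route shape given in the description above.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines for illustration; they are not real langflow
# logs. The trailing "auth=" field is an assumed, deployment-specific annotation
# recording whether the request carried a session cookie or API key.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Mar/2026:10:00:01 +0000] "GET /api/v1/files/images/11111111-1111-4111-8111-111111111111/a.png HTTP/1.1" 200 5120 auth=none
203.0.113.5 - - [24/Mar/2026:10:00:02 +0000] "GET /api/v1/files/images/22222222-2222-4222-8222-222222222222/b.png HTTP/1.1" 200 7001 auth=none
203.0.113.5 - - [24/Mar/2026:10:00:03 +0000] "GET /api/v1/files/images/33333333-3333-4333-8333-333333333333/c.png HTTP/1.1" 404 0 auth=none
203.0.113.5 - - [24/Mar/2026:10:00:04 +0000] "GET /api/v1/files/images/44444444-4444-4444-8444-444444444444/d.png HTTP/1.1" 200 901 auth=none
198.51.100.7 - - [24/Mar/2026:10:01:00 +0000] "GET /api/v1/files/images/11111111-1111-4111-8111-111111111111/a.png HTTP/1.1" 200 5120 auth=session
198.51.100.7 - - [24/Mar/2026:10:01:05 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2200 auth=session
"""

# Combined-log-style line with the assumed auth annotation at the end.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) auth=(?P<auth>\S+)$'
)
# The route from the advisory: a UUID flow id followed by a file name.
IMAGE_RE = re.compile(
    r'^/api/v1/files/images/'
    r'(?P<flow_id>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})/'
    r'(?P<file>[^/?]+)$'
)


def parse_line(line):
    """Return a dict for a request to the image route, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    img = IMAGE_RE.match(m.group("path"))
    if not img:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "flow_id": img.group("flow_id").lower(),
        "file": img.group("file"),
        "status": int(m.group("status")),
        "authenticated": m.group("auth") != "none",
    }


def unauthenticated_image_reads(log_text):
    """Successful (HTTP 200) image downloads that carried no credentials."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 200 and not rec["authenticated"]:
            hits.append(rec)
    return hits


def flow_id_enumeration(log_text, min_distinct_flows=3):
    """Client IPs that touched many distinct flow ids without credentials.

    Misses (404) are counted too: a client cycling through leaked or guessed
    UUIDs is the pattern worth alerting on, whether or not each guess hits.
    """
    flows_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and not rec["authenticated"]:
            flows_by_ip[rec["ip"]].add(rec["flow_id"])
    return {ip: sorted(f) for ip, f in flows_by_ip.items() if len(f) >= min_distinct_flows}


if __name__ == "__main__":
    for rec in unauthenticated_image_reads(SAMPLE_LOG):
        print(f"unauthenticated 200: {rec['ip']} -> {rec['flow_id']}/{rec['file']} at {rec['ts']}")
    for ip, flows in flow_id_enumeration(SAMPLE_LOG).items():
        print(f"possible enumeration from {ip}: {len(flows)} distinct flow ids")
```

On the constructed input the first function reports the three unauthenticated 200s from 203.0.113.5 and the second flags that same client for touching four distinct flow ids; the authenticated session from 198.51.100.7 produces nothing. If your proxy does not record an authentication marker, the enumeration check still works on the flow-id cardinality alone, since before the fix every request to this route is effectively unauthenticated.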
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade langflow to version 1.9.0 or later, where this vulnerability has been patched.
Until the upgrade can be performed, consider restricting access to the vulnerable endpoint by implementing authentication and authorization checks or network-level controls such as firewall rules to limit access to trusted users only.
Additionally, monitor API responses for leakage of `flow_id` UUIDs and reduce their exposure to prevent attackers from guessing valid IDs.
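The description above states the root cause precisely: the handler has no authentication dependency and no ownership check, while langflow's other file endpoints have both. The following added example (not langflow's code; the flow table, image store and user model are constructed stand-ins, and the framework plumbing is left out) shows the vulnerable handler shape next to a hardened one that adds exactly those two checks, plus a guard so the file name cannot carry a path fragment. In a FastAPI application the `current_user` argument would be supplied by the same authentication dependency the other file routes use; here it is passed in directly so the logic runs stand-alone.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Optional, Tuple

# Constructed in-memory stand-ins for the flow table and the upload directory.
# Names and layout are assumptions for this illustration, not langflow's schema.


@dataclass(frozen=True)
class User:
    user_id: str


@dataclass(frozen=True)
class Flow:
    flow_id: str
    owner_id: str


ALICE_FLOW = "11111111-1111-4111-8111-111111111111"
BOB_FLOW = "22222222-2222-4222-8222-222222222222"

FLOWS = {
    ALICE_FLOW: Flow(ALICE_FLOW, "alice"),
    BOB_FLOW: Flow(BOB_FLOW, "bob"),
}
IMAGES = {
    (ALICE_FLOW, "diagram.png"): b"\x89PNG alice-private",
    (BOB_FLOW, "chart.png"): b"\x89PNG bob-private",
}

Response = Tuple[int, Optional[bytes]]


def serve_image_vulnerable(flow_id: str, file_name: str) -> Response:
    """The pattern the advisory describes: the handler never asks who is
    calling and never checks who owns the flow, so any valid
    (flow_id, file_name) pair is served to anyone."""
    data = IMAGES.get((flow_id, file_name))
    return (200, data) if data is not None else (404, None)


def serve_image_hardened(current_user: Optional[User], flow_id: str, file_name: str) -> Response:
    """Same lookup with the two missing checks added.

    `current_user` is whatever the framework's authentication dependency
    resolved from the session or API key (None when the request carried
    no valid credentials)."""
    # 1. Authentication: no credentials, no file.
    if current_user is None:
        return (401, None)
    # 2. Ownership: the flow must belong to the caller. Unknown and foreign
    #    flows both get 404 so the response does not confirm that another
    #    tenant's flow id exists.
    flow = FLOWS.get(flow_id)
    if flow is None or flow.owner_id != current_user.user_id:
        return (404, None)
    # 3. The file name must be a bare name, never a path fragment.
    if file_name in ("", ".", "..") or PurePosixPath(file_name).name != file_name:
        return (400, None)
    data = IMAGES.get((flow_id, file_name))
    return (200, data) if data is not None else (404, None)


if __name__ == "__main__":
    print("vulnerable, no credentials:", serve_image_vulnerable(ALICE_FLOW, "diagram.png")[0])
    print("hardened, no credentials:  ", serve_image_hardened(None, ALICE_FLOW, "diagram.png")[0])
    print("hardened, bob -> alice:    ", serve_image_hardened(User("bob"), ALICE_FLOW, "diagram.png")[0])
    print("hardened, alice -> alice:  ", serve_image_hardened(User("alice"), ALICE_FLOW, "diagram.png")[0])
```

The ownership check is the part that matters for CWE-639: authentication alone would still let any logged-in tenant read every other tenant's images by supplying their `flow_id`. Returning 404 rather than 403 for a foreign flow is a design choice that keeps the endpoint from acting as an oracle for which UUIDs exist, which directly addresses the "guess or obtain a valid flow_id" concern raised above.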