CVE-2026-33484
Received Received - Intake
Insecure Direct Object Reference in Langflow Image Endpoint

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: GitHub, Inc.

Description
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-14
NVD
CVE-2026-33484
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
langflow langflow From 1.0.0 (inc) to 1.9.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-33484 is an unauthenticated Insecure Direct Object Reference (IDOR) vulnerability in the langflow package versions 1.0.0 through 1.8.1. The vulnerability exists in the endpoint `/api/v1/files/images/{flow_id}/{file_name}`, which serves image files without any authentication or ownership verification.

Any attacker who can guess or obtain a valid `flow_id` (a UUID) and `file_name` can download image files belonging to other users without providing any credentials. UUIDs can be leaked through other API responses, making it easier to exploit.

This issue arises because the vulnerable endpoint does not use authentication dependencies or ownership checks, unlike other file-related endpoints in langflow. There is no global authentication middleware protecting the `/api/v1` route, so protection is only applied on a per-endpoint basis.

The vulnerability is classified under improper access control and authorization bypass weaknesses and was patched in langflow version 1.9.0.

Impact Analysis

This vulnerability allows an unauthenticated attacker to access and download image files uploaded by other users in a multi-tenant deployment of langflow.

Because there is no authentication or ownership check on the vulnerable endpoint, attackers can exploit leaked or guessed `flow_id` UUIDs to retrieve sensitive images without any credentials.

The impact is a high confidentiality breach, as attackers can access private user data (images) across tenants, potentially leading to data leakage and privacy violations.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by attempting to access the endpoint `/api/v1/files/images/{flow_id}/{file_name}` without authentication and observing if the server returns image files with HTTP 200 status.

To detect it on your system or network, you can try to enumerate or guess valid `flow_id` UUIDs (which may be leaked through other API responses) and then send unauthenticated HTTP GET requests to the endpoint with those IDs and file names.

Example command using curl to test access to an image file without authentication:

  • curl -i http://your-langflow-server/api/v1/files/images/<flow_id>/<file_name>

If the response status is 200 and the image file is returned without any authentication prompt, the vulnerability is present.

Mitigation Strategies

The immediate mitigation step is to upgrade langflow to version 1.9.0 or later, where this vulnerability has been patched.

Until the upgrade can be performed, consider restricting access to the vulnerable endpoint by implementing authentication and authorization checks or network-level controls such as firewall rules to limit access to trusted users only.

Additionally, monitor API responses for leakage of `flow_id` UUIDs and reduce their exposure to prevent attackers from guessing valid IDs.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33484. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart