CVE-2026-5022
Unauthenticated Access to Images via API Endpoint in Flow Service
Publication date: 2026-03-27
Last updated on: 2026-04-20
Assigner: Tenable Network Security, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langflow | langflow | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated users to download images belonging to any flow by bypassing authentication and authorization checks. This unauthorized access to potentially sensitive or private data could lead to non-compliance with data protection regulations such as GDPR or HIPAA, which require strict controls over access to personal or sensitive information.
Since the vulnerability exposes data without proper access controls, organizations using the affected product (Langflow) may face risks related to data confidentiality and privacy obligations under these regulations.
Can you explain this vulnerability to me?
CVE-2026-5022 is a vulnerability in Langflow where the endpoint '/api/v1/files/images/{flow_id}/{file_name}' does not enforce any authentication or authorization checks.
This means that any unauthenticated user can download image files associated with any flow simply by knowing or guessing the flow ID and the file name.
The lack of these security checks allows unauthorized access to potentially sensitive or private image data.
How can this vulnerability impact me?
The vulnerability allows any unauthenticated user to download images belonging to any flow without permission.
This can lead to exposure of sensitive or private data contained in those images.
Since there is no authentication or authorization, attackers or unauthorized users can exploit this to access data they should not have.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves unauthorized access to the endpoint `/api/v1/files/images/{flow_id}/{file_name}` without authentication or authorization checks.
To detect this vulnerability on your network or system, you can monitor for HTTP requests targeting this specific endpoint, especially those that attempt to download image files by guessing or enumerating flow IDs and file names.
Suggested commands use web server logs or network monitoring tools to identify suspicious access patterns to the vulnerable endpoint:
- Using curl to test access without authentication: `curl -I http://<target>/api/v1/files/images/<flow_id>/<file_name>`
- Using grep on web server logs to find access attempts: `grep "/api/v1/files/images/" /var/log/nginx/access.log`
- Using network monitoring tools like Wireshark or tcpdump to filter HTTP GET requests to the vulnerable endpoint.
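As an added example that is not part of the advisory, the following Python script performs the log check above over constructed nginx combined-format access-log lines and flags clients whose requests to the image endpoint look like flow-ID enumeration. The sample log lines, the IP addresses and the thresholds are assumptions, not data from any real system.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx "combined" format; not taken from any real system.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Mar/2026:10:00:01 +0000] "GET /api/v1/files/images/11111111-1111-4111-8111-111111111111/diagram.png HTTP/1.1" 200 5123 "-" "curl/8.4.0"
203.0.113.5 - - [27/Mar/2026:10:00:02 +0000] "GET /api/v1/files/images/11111111-1111-4111-8111-111111111112/diagram.png HTTP/1.1" 404 0 "-" "curl/8.4.0"
203.0.113.5 - - [27/Mar/2026:10:00:03 +0000] "GET /api/v1/files/images/11111111-1111-4111-8111-111111111113/logo.png HTTP/1.1" 404 0 "-" "curl/8.4.0"
198.51.100.7 - - [27/Mar/2026:10:05:00 +0000] "GET /api/v1/files/images/11111111-1111-4111-8111-111111111111/diagram.png HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Mar/2026:10:05:01 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# Client IP, request path and status from a combined-format entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# The vulnerable endpoint named in the advisory, with its two path parameters.
IMAGE_RE = re.compile(r"^/api/v1/files/images/(?P<flow_id>[^/?]+)/(?P<file_name>[^/?]+)")


def summarize(log_text):
    """Per client IP: requests to the image endpoint, 2xx hits, non-2xx misses,
    and the distinct flow IDs requested. Other paths are ignored."""
    stats = defaultdict(lambda: {"total": 0, "hits": 0, "misses": 0, "flows": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        img = IMAGE_RE.match(m["path"]) if m else None
        if not img:
            continue
        s = stats[m["ip"]]
        s["total"] += 1
        s["flows"].add(img["flow_id"])
        s["hits" if m["status"].startswith("2") else "misses"] += 1
    return dict(stats)


def flag_enumeration(stats, min_flows=3, min_misses=2):
    """A client touching many distinct flow IDs, or collecting several 404s,
    looks like guessing rather than normal UI use."""
    return sorted(ip for ip, s in stats.items()
                  if len(s["flows"]) >= min_flows or s["misses"] >= min_misses)


if __name__ == "__main__":
    for ip in flag_enumeration(summarize(SAMPLE_LOG)):
        print("possible flow-ID enumeration from", ip)
```

Combined-format logs do not record whether a request carried credentials, and the affected endpoint does not check them, so every request to it is treated as potentially unauthenticated and judged by access pattern instead.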
What immediate steps should I take to mitigate this vulnerability?
At the time of the advisory, there is no known solution or patch available to mitigate this vulnerability.
Immediate steps include monitoring and restricting access to the vulnerable endpoint, implementing network-level controls such as firewall rules to limit access, and closely watching for unauthorized download attempts.
Additionally, users should stay updated with vendor communications for any forthcoming patches or fixes and consider applying compensating controls such as authentication proxies or API gateways to enforce access control.