CVE-2026-33484
Summary
The /api/v1/files/images/{flowid}/(unknown) endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns the image with HTTP 200.
Details
src/backend/base/langflow/api/v1/files.py:138-164 — download_image takes flow_id: UUID as a bare path parameter with no Depends(get_flow) or CurrentActiveUser. All other file routes (download_file, upload_file, list_files, delete_file) use Depends(get_flow) which enforces both authentication and ownership. There is no global auth middleware on /api/v1; protection is per-endpoint only.
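The missing-guard pattern described above, as an added example that is not Langflow's code: a plain-Python model of the route with a bare path parameter beside the same route behind a get_flow-style dependency that authenticates and then checks ownership. HTTPError, Flow, FLOWS, the user ids and the sample image are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional
from uuid import UUID, uuid4

class HTTPError(Exception):  # stand-in for FastAPI's HTTPException
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status = status

@dataclass
class Flow:
    id: UUID
    user_id: UUID  # owner
    images: Dict[str, bytes]  # filename -> image bytes
FLOWS: Dict[UUID, Flow] = {}  # constructed in-memory flow table

def get_flow(flow_id: UUID, user_id: Optional[UUID]) -> Flow:
    """Models the Depends(get_flow) guard: authenticate, then check ownership."""
    if user_id is None:
        raise HTTPError(401, "Not authenticated")
    flow = FLOWS.get(flow_id)
    if flow is None:
        raise HTTPError(404, "Flow not found")
    if flow.user_id != user_id:
        raise HTTPError(403, "Not the owner")
    return flow

def download_image_vulnerable(flow_id: UUID, filename: str) -> bytes:
    """Bare path parameter, no guard: knowing flow_id and filename is enough."""
    flow = FLOWS.get(flow_id)
    if flow is None or filename not in flow.images:
        raise HTTPError(404, "Image not found")
    return flow.images[filename]

def download_image_fixed(flow_id: UUID, filename: str, user_id: Optional[UUID]) -> bytes:
    """Same route with the ownership guard applied first, like the other file routes."""
    flow = get_flow(flow_id, user_id)
    if filename not in flow.images:
        raise HTTPError(404, "Image not found")
    return flow.images[filename]

def status_of(fn, *args) -> int:  # HTTP status the handler would answer with
    try:
        fn(*args)
        return 200
    except HTTPError as e:
        return e.status
# Constructed sample data: one flow owned by ALICE holding one image.
ALICE, MALLORY, FLOW_ID = uuid4(), uuid4(), uuid4()
FLOWS[FLOW_ID] = Flow(FLOW_ID, ALICE, {"diagram.png": b"\x89PNG\r\n\x1a\n"})
```

The unguarded handler answers 200 to anyone holding the UUID, while the guarded one returns 401 without credentials and 403 for a non-owner.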
PoC
curl -v "http://localhost:7860/api/v1/files/images/<flow_uuid>/<filename.png>"
# Returns HTTP 200 with image bytes, no auth header required
Impact
Unauthenticated cross-tenant data leak. In a multi-tenant deployment, any attacker who can discover or guess a flow_id (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials.
References
https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5
https://nvd.nist.gov/vuln/detail/CVE-2026-33484
https://github.com/langflow-ai/langflow
