Auth bypass in Langflow-ai Langflow
CVE-2026-33053
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (ge…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.001 (18.1th percentile)
Affected products
- Langflow-ai Langflow — versions < 1.9.0
Weakness classification (CWE)
References
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w (x_refsource_CONFIRM)