CVE-2026-55423 | Langflow is a tool for building and deploying AI-powered age… | CVSS 6.1 MEDIUM

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0.

Metadata

CVE ID: CVE-2026-55423
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-16 21:48 UTC
Published: 2026-06-23 16:27 UTC
Last updated: 2026-06-23 17:07 UTC
Primary CWE: CWE-613
CWE-613: Insufficient Session Expiration
Vendor / Product: langflow-ai / langflow
Sources: cve.org · NVD

Severity & Metrics

6.1 MEDIUM CVSS 3.1

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
langflow-ai	langflow	—	< 1.7.0

Weakness (CWE)

CWE	Source	Description
CWE-613	cna	CWE-613: Insufficient Session Expiration

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.1	MEDIUM	3.1	cna	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (3)

https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276 https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276
https://github.com/langflow-ai/langflow/pull/10527 https://github.com/langflow-ai/langflow/pull/10527
https://github.com/langflow-ai/langflow/pull/10528 https://github.com/langflow-ai/langflow/pull/10528