CVE-2026-33053 in langflow

Summary

by MITRE • 03/20/2026

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion.

Analysis

by VulDB Data Team • 03/26/2026

The vulnerability identified in CVE-2026-33053 affects Langflow, a platform designed for constructing and deploying artificial intelligence-powered agents and workflows. This security flaw exists in versions prior to 1.9.0 and stems from a critical authorization bypass in the application's API key management system. The issue manifests through the delete_api_key_route() endpoint which processes requests to remove API keys from the system. When a user submits a deletion request, the endpoint accepts an api_key_id parameter through the URL path and attempts to delete the corresponding API key. However, the authentication mechanism employed only verifies that the user is authenticated through the get_current_active_user dependency without performing any ownership validation.

The technical flaw represents a classic case of insufficient authorization checking where the application assumes that any authenticated user can delete any API key within the system. This design oversight allows for privilege escalation and unauthorized access to resources that should be restricted to specific users. The delete_api_key() CRUD function, which handles the actual deletion operation, fails to implement proper access control validation. Specifically, it does not verify that the API key being targeted for deletion belongs to the currently authenticated user before proceeding with the removal. This absence of ownership verification creates a direct path for attackers to potentially delete API keys that belong to other users, thereby compromising their access to the system.

The operational impact of this vulnerability extends beyond data integrity and presents significant security risks to organizations relying on Langflow for AI workflow management. An attacker with access to any authenticated user account could use this flaw to systematically delete API keys belonging to other users, disrupting their access to AI-powered services and potentially causing operational downtime. The impact is particularly severe in multi-tenant environments where users share the same platform but require isolated access to their individual resources. The vulnerability could also enable account takeover attacks in which an unauthorized user deletes legitimate API keys and then creates new ones under their control, effectively hijacking other users' workflows and data access permissions. The issue also violates the fundamental security principles of least privilege and separation of concerns within the application's access control model.

Mitigation should focus on implementing proper authorization checks within the CRUD operations. The delete_api_key() function must verify that the API key being deleted is owned by the currently authenticated user before proceeding with the deletion; this means adding a validation step that cross-references the api_key_id parameter against the user's ownership records in the database. More generally, the application should implement a robust ownership verification mechanism that ensures users can only perform operations on resources they legitimately own. Logging and monitoring should also be extended to track API key deletion activity, including the user identifier, the target API key ID and the timestamp of each operation. From a compliance perspective, this vulnerability aligns with CWE-285, which addresses improper authorization in software systems, and could be categorized under ATT&CK technique T1531 for credential access and T1078 for valid accounts, as it enables unauthorized access to resources through compromised credentials. Organizations should upgrade to Langflow version 1.9.0 or later, which contains the necessary authorization fixes, and add monitoring controls to detect exploitation attempts.
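The two patterns described above, as an added example that is not Langflow's code: an in-memory key store (an assumption standing in for the API-key table) with the flawed delete that relies on authentication alone beside a version that scopes the lookup to the caller and records every attempt with caller, target id and timestamp, as the mitigation paragraph recommends. User and key names in demo() are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class ApiKey:
    id: str
    user_id: str  # owner of the key; the field the flawed path never consults

@dataclass
class KeyStore:
    """In-memory stand-in for the API-key table (constructed, not Langflow's)."""
    keys: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def delete_api_key_unchecked(self, api_key_id: str) -> None:
        """Flawed pattern: the caller was authenticated upstream, but nothing
        here ties the key to that caller, so any active user can delete any key."""
        if api_key_id not in self.keys:
            raise KeyError(api_key_id)
        del self.keys[api_key_id]

    def delete_api_key_owned(self, api_key_id: str, current_user_id: str) -> None:
        """Fixed pattern: refuse a key owned by someone else, and record every
        attempt (caller, target id, timestamp, outcome) for monitoring."""
        key = self.keys.get(api_key_id)
        outcome = "denied"
        try:
            if key is None:
                raise KeyError(api_key_id)
            if key.user_id != current_user_id:
                raise PermissionError(f"{current_user_id} does not own {api_key_id}")
            del self.keys[api_key_id]
            outcome = "deleted"
        finally:
            self.audit_log.append({"ts": datetime.now(timezone.utc).isoformat(),
                                   "user_id": current_user_id,
                                   "api_key_id": api_key_id, "outcome": outcome})

def demo() -> dict:
    """Constructed scenario: user 'alice' targets a key owned by 'bob' via both paths."""
    store = KeyStore(keys={"k-bob": ApiKey("k-bob", "bob")})
    store.delete_api_key_unchecked("k-bob")       # succeeds: the CVE-2026-33053 pattern
    store.keys["k-bob"] = ApiKey("k-bob", "bob")  # restore the key for the second path
    try:
        store.delete_api_key_owned("k-bob", "alice")
    except PermissionError:
        pass
    return {"key_survives": "k-bob" in store.keys, "log": store.audit_log}
```

The denied attempt in the audit log is the event a detection rule would alert on: a deletion request for an api_key_id whose owner differs from the requesting user.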

Responsible: GitHub M

Reservation: 03/17/2026

Disclosure: 03/20/2026

Moderation: accepted

CPE: ready

EPSS: 0.00057

KEV: no

Activities: very low
