CVE-2026-33497 in langflow-ai langflow信息

摘要 (英语)

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.

负责

GitHub_M

预定

2026-03-20

披露

2026-03-24

条目

VulDB provides additional information and datapoints for this CVE:

标识符	漏洞	CWE	可利用	对策	CVE
352770	langflow-ai langflow Parameter profile_pictures download_profile_picture 目录遍历	22	未定义	官方修复	CVE-2026-33497

描述

CPE

CWE

CVSS

漏洞利用

历史

差异

连接

威胁情报

API JSON

API XML

API CSV

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!