Broken Access Control in Langflow Monitoring API
CVE-2026-21445 is a critical broken access control vulnerability in Langflow, a platform for building and deploying AI-powered agents and workflows. In versions prior to the fix, multiple monitoring-related API endpoints lacked the required authentication checks, so functionality that should have been restricted to authorized users was reachable without credentials. Reported affected routes include /api/v1/monitor/messages, /api/v1/monitor/transactions, and /api/v1/monitor/messages/session/{session_id}. As a result, remote attackers could query sensitive monitoring data such as user conversation content and transaction histories, and invoke destructive operations including message deletion. The issue is described as missing authentication controls on critical functions and is classified as CWE-306 (Missing Authentication for Critical Function).
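The defect class described above, a route served without any authentication dependency, and the regression check that would catch it, as an added example in plain Python. This is not Langflow's code: the toy dispatcher, route table, bearer-token store and sample messages are all constructed here, and the route paths are reused from the advisory text only to make the audit concrete. The check generalizes beyond the three reported routes: it flags every route under a protected prefix that is not explicitly allow-listed as public, first statically (route metadata) and then dynamically (an unauthenticated probe must get 401, never 200).

```python
"""Route-level authentication audit for a CWE-306 style gap (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)

@dataclass
class Route:
    method: str
    path: str
    handler: Callable[[Request], dict]
    requires_auth: bool  # stands in for an auth dependency on the route

# Constructed token store standing in for a real session / API-key lookup.
VALID_TOKENS = {"tok-alice": "alice"}

def authenticate(req: Request) -> Optional[str]:
    """Return the user for a valid bearer token, else None."""
    auth = req.headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return VALID_TOKENS.get(auth[len("Bearer "):])
    return None

class App:
    """Minimal dispatcher: auth is enforced only where the route asks for it."""
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, method: str, path: str, handler, requires_auth: bool) -> None:
        self.routes.append(Route(method, path, handler, requires_auth))

    def dispatch(self, req: Request) -> Tuple[int, dict]:
        for r in self.routes:
            if r.method == req.method and r.path == req.path:
                if r.requires_auth and authenticate(req) is None:
                    return 401, {"detail": "Not authenticated"}
                return 200, r.handler(req)
        return 404, {"detail": "Not found"}

def build_app(hardened: bool) -> App:
    """Vulnerable variant: monitor routes declare no auth. Hardened: they do."""
    messages = [{"id": 1, "session_id": "s1", "text": "hello"}]  # constructed
    app = App()
    app.add("GET", "/api/v1/monitor/messages",
            lambda r: {"messages": list(messages)}, requires_auth=hardened)
    app.add("DELETE", "/api/v1/monitor/messages",
            lambda r: (messages.clear(), {"deleted": True})[1], requires_auth=hardened)
    app.add("GET", "/api/v1/monitor/transactions",
            lambda r: {"transactions": []}, requires_auth=hardened)
    app.add("GET", "/health", lambda r: {"ok": True}, requires_auth=False)
    return app

# Routes deliberately public; everything else under the prefix must authenticate.
PUBLIC_ALLOWLIST = {("GET", "/health")}

def audit_unauthenticated_routes(app: App, protected_prefix: str = "/api/") -> List[str]:
    """Static check: routes under the prefix with no auth requirement and no allow-list entry."""
    return sorted(
        f"{r.method} {r.path}" for r in app.routes
        if r.path.startswith(protected_prefix)
        and not r.requires_auth
        and (r.method, r.path) not in PUBLIC_ALLOWLIST
    )

def probe_unauthenticated(app: App, protected_prefix: str = "/api/") -> Dict[str, int]:
    """Dynamic check: call each protected route with no credentials, record the status."""
    results: Dict[str, int] = {}
    for r in app.routes:
        if r.path.startswith(protected_prefix) and (r.method, r.path) not in PUBLIC_ALLOWLIST:
            status, _ = app.dispatch(Request(r.method, r.path))
            results[f"{r.method} {r.path}"] = status
    return results

if __name__ == "__main__":
    for name, hardened in (("vulnerable", False), ("hardened", True)):
        app = build_app(hardened)
        print(name, "static:", audit_unauthenticated_routes(app))
        print(name, "probe:", probe_unauthenticated(app))
```

Both checks belong in CI: the static audit fails the build when a new route under the protected prefix forgets its auth dependency, and the probe catches the case where the dependency exists but is wired incorrectly. Any 200 in the probe output for a non-allow-listed route is the finding.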
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos.
This repository provides a proof-of-concept (PoC) exploit for CVE-2026-21445, targeting the Langflow product (versions prior to 1.5.1) on Microsoft Windows. The main exploit script, 'CVE-2026-21445.py', is heavily obfuscated using PyArmor, making the actual exploit logic unreadable. The repository includes the PyArmor runtime and a license file to enable execution of the obfuscated code. Documentation files (README.md, docs/description.md, docs/mitigation.md) clarify that the PoC is for academic and defensive research only, and provide mitigation advice (upgrade Langflow, restrict network exposure, enable authentication and TLS). The README and mitigation docs indicate the exploit likely targets a network-exposed service and may involve malformed BSON requests. The repository structure is typical for a PoC: a main exploit script, obfuscation runtime, license, documentation, and screenshots. No hardcoded network endpoints or IPs are visible due to obfuscation, but the attack vector is network-based. The exploit is not weaponized and is intended for controlled research environments.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
15 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Another Langflow vulnerability referenced as having seen exploitation activity this year, but no further technical details are provided in the content.
Another Langflow vulnerability referenced as having seen similar targeting activity earlier in the year.
A critical broken access control vulnerability in Langflow that allows unauthenticated access to sensitive conversation and transaction data and permits destructive actions such as message deletion via exposed API endpoints.
A missing authentication vulnerability in Langflow prior to version 1.7.0.dev45 allows unauthenticated access to sensitive API endpoints, exposing user data and enabling destructive operations.