CVE-2026-55423

medium

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0.

References

https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276

https://github.com/langflow-ai/langflow/pull/10528

https://github.com/langflow-ai/langflow/pull/10527

Details

Source: Mitre, NVD

Published: 2026-06-23

Updated: 2026-06-24

Risk Information

CVSS v2

Base Score: 6.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00154