CVEPublished 2026-01-021 article on news7 live referencesNVD data

CVE-2026-21445

Vulnerability data via CVEDB (Shodan)

CVSS v3.1
8.8
HIGH
EPSS percentile
97
Exploit Prediction Scoring System · top 3% of all CVEs
Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.

Timeline
Published 2026-01-02

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub (8)