CVE-2026-33053: Langflow is Missing Ownership Verification in API Key Deletion (IDOR)

Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Location | src/backend/base/langflow/api/v1/api_key.py:44-53 |
| Practical Exploitability | High |
| Developer Approver | faizan@kolega.ai |

References
- github.com/advisories/GHSA-rf6x-r45m-xv3w
- github.com/langflow-ai/langflow
- github.com/langflow-ai/langflow/commit/fdc1b3b1448ff3317d73d3e769a6c4a1717f74d7
- github.com/langflow-ai/langflow/releases/tag/1.7.2
- github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w
- nvd.nist.gov/vuln/detail/CVE-2026-33053