CVE-2026-6599: Langflow vulnerable to injection

April 20, 2026 (updated April 28, 2026)

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument X-Forwarded-For results in injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

gist.github.com/chenhouser2025/a909c47316b7a0948ee68c109ab747a3
github.com/advisories/GHSA-v66p-f7x3-4794
github.com/langflow-ai/langflow
nvd.nist.gov/vuln/detail/CVE-2026-6599
vuldb.com/submit/791922
vuldb.com/vuln/358234
vuldb.com/vuln/358234/cti

Code Behaviors & Features

Detect and mitigate CVE-2026-6599 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →