CVE-2025-68477 | langflow up to 1.6.x API Request server-side request forgery (GHSA-5993-7p27-66g5)

A vulnerability was found in langflow up to 1.6.x. It has been declared as critical. The impacted element is an unknown function of the component API Request Handler. Executing manipulation can lead to server-side request forgery.

This vulnerability is registered as CVE-2025-68477. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.VulDB Recent EntriesRead More