CVE-2026-6597 | langflow-ai langflow up to 1.8.3 Flow Using API core.py remove_api_keys/has_api_terms credentials storage

A vulnerability classified as problematic has been found in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials.

This vulnerability is handled as CVE-2026-6597. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More