News

CVE-2026-33017: Unauthenticated RCE in Langflow’s Public Flow Endpoint Explained

Langflow fixed an unauthenticated RCE (CVE-2025-3248) by adding auth to /api/v1/validate/code. But the public flow build endpoint...