CVE-2026-6598 | langflow-ai langflow up to 1.8.3 Project Creation Endpoint projects.py create_project/encrypt_auth_settings cleartext storage in file

A vulnerability classified as problematic was found in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settings leads to cleartext storage in a file or on disk.

This vulnerability is uniquely identified as CVE-2026-6598. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6598 | langflow-ai langflow up to 1.8.3 Project Creation Endpoint projects.py create_project/encrypt_auth_settings cleartext storage in file

Post correlati

CVE-2024-0264 | SourceCodester Clinic Queuing System 1.0 /LoginRegistration.php formToken authorization

CVE-2025-4169 | Posts per Cat Plugin up to 1.4.2 on WordPress Shortcode ppc cross site scripting

CVE-2024-33904 | Hyprland up to 0.39.1 plugins/HookSystem.cpp temp file (28c8561)

CVE-2024-23290 | Apple tvOS access control