{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-55423", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-06-16T21:48:43.126Z", "datePublished": "2026-06-23T16:27:19.134Z", "dateUpdated": "2026-06-23T17:07:10.031Z"}, "containers": {"cna": {"title": "Langflow: Logout button does not clear session", "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "lang": "en", "description": "CWE-613: Insufficient Session Expiration", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276"}, {"name": "https://github.com/langflow-ai/langflow/pull/10527", "tags": ["x_refsource_MISC"], "url": "https://github.com/langflow-ai/langflow/pull/10527"}, {"name": "https://github.com/langflow-ai/langflow/pull/10528", "tags": ["x_refsource_MISC"], "url": "https://github.com/langflow-ai/langflow/pull/10528"}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"version": "< 1.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-23T16:27:19.134Z"}, "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0."}], "source": {"advisory": "GHSA-7hw8-6q6r-4276", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-23T17:06:31.440801Z", "id": "CVE-2026-55423", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T17:07:10.031Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-55423", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-23T17:06:31.440801Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T17:06:25.312Z"}}], "cna": {"title": "Langflow: Logout button does not clear session", "source": {"advisory": "GHSA-7hw8-6q6r-4276", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "langflow-ai", "product": "langflow", "versions": [{"status": "affected", "version": "< 1.7.0"}]}], "references": [{"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276", "name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/langflow-ai/langflow/pull/10527", "name": "https://github.com/langflow-ai/langflow/pull/10527", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langflow-ai/langflow/pull/10528", "name": "https://github.com/langflow-ai/langflow/pull/10528", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-23T16:27:19.134Z"}}}, "cveMetadata": {"cveId": "CVE-2026-55423", "state": "PUBLISHED", "dateUpdated": "2026-06-23T17:07:10.031Z", "dateReserved": "2026-06-16T21:48:43.126Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-23T16:27:19.134Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.0)"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "langflow", "source": "cna", "vendor": "langflow-ai"}, "product": "langflow", "vendor": "langflow"}], "created": "2026-06-23T19:00:07.422128+00:00", "updated": "2026-06-24T16:00:06.932622+00:00", "vendors": ["langflow", "langflow$PRODUCT$langflow"]}