PRP: Langflow CVE-2026-21445 Missing Authentication on Critical API Endpoints

[saurabhb-dev]

• Identifier of the vulnerability: CVE-2026-21445 and GHSA-c5cp-vx83-jhqx
• Affected software: Langflow (versions < 1.7.0)
• Type of vulnerability: Missing Authentication for Critical Function
• Requires authentication: No
• Language you would use for writing the plugin: Templated plugins
• Resources:
  • GHSA-c5cp-vx83-jhqx
  • https://nvd.nist.gov/vuln/detail/CVE-2026-21445

[github-actions]

Welcome to the Tsunami patch reward program!

Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.

Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.

~The Tsunami PRP team