Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}`…

Langflow versions 1.0.0 through 1.8.1 contain an authentication bypass vulnerability in the image serving endpoint. The /api/v1/files/images/{flow_id}/{file_name} endpoint serves image files without any authentication or ownership verification. Attackers can download any user's uploaded images in multi-tenant deployments by discovering or guessing flow_id values. UUIDs can be leaked through other API responses, making exploitation feasible. This represents a significant data exposure risk in shared environments. Version 1.9.0 provides a security patch to address this vulnerability.