Langflow versions before 1.5.1 contain an authorization bypass vulnerability (CWE-639, CWE-862) in the _read_flow helper function located in src/backend/base/langflow/api/v1/flows.py. The function's logic branches based on the AUTO_LOGIN setting to decide whether to filter flows by user_id. When AUTO_LOGIN is false (authentication enabled), the code fails to enforce ownership checks, allowing any authenticated user to retrieve flows by UUID regardless of ownership. This permits unauthorized reading, modification, or deletion of other users' flows, potentially exposing sensitive information such as plaintext API keys. The vulnerability was introduced by an attempt to accommodate public/example flows with null user_id under auto-login mode but left the authenticated path unprotected. The fix in version 1.5.1 removes the AUTO_LOGIN conditional and always restricts flow queries to the requesting user.

An attacker with authenticated access to langflow prior to version 1.5.1 can bypass authorization controls to read, modify, or delete any other user's AI workflow flows. This includes access to sensitive embedded data such as plaintext API keys, which could lead to further compromise of user accounts or services. The vulnerability affects confidentiality, integrity, and availability of user data within langflow.

Upgrade langflow to version 1.5.1 or later, where the vulnerability is fixed by unconditionally enforcing user ownership checks on flow queries. There is no indication of vendor advisory content stating 'no action required' or alternative mitigations. Patch status is confirmed by the version update. Users should prioritize updating to the fixed version to prevent unauthorized access to flows.