H3-2026-0055¶
Hardcoded Langflow Default Superuser Vulnerability
| Category | VULNERABILITY |
| Base Score | 9.8 |
Description¶
Langflow 1.10.1 and earlier creates a default superuser account with hardcoded credentials (langflow/langflow) under the shipped AUTO_LOGIN=True default. The teardown that should remove the account when an operator later disables AUTO_LOGIN is defeated once the account has a last_login_at stamp, which /auto_login sets during normal use. As a result, instances hardened by disabling AUTO_LOGIN still accept the vendor default credentials for a superuser account.
Impact¶
An unauthenticated attacker can authenticate as the built-in Langflow superuser via the vendor default credentials, enumerate every user account, read and modify all flows and API keys, and execute code on the server through flow components.