CVE Request: Unresponsive maintainer — GHSA-mffc-w2jf-c592 (Langflow)

[manus-use]

CVE Assignment Request

Advisory: GHSA-mffc-w2jf-c592 (private, submitted to langflow-ai/langflow)
Severity: Critical (CVSS 9.8)
Affected package: langflow (PyPI)
CWE: CWE-94

Timeline

• 2026-02-21: Advisory submitted via private vulnerability reporting
• 2026-06-20 (today): No response from maintainers — 119 days, zero activity

Request

Requesting CVE assignment per CNA rules Section 4.2. The maintainer has not acknowledged or responded to this advisory in 4 months. GitHub CNA can view full details at GHSA-mffc-w2jf-c592.

Thank you.

[manus-use]

Closing — the maintainer has already acknowledged and escalated the advisory to engineering. Will follow up directly on the GHSA if CVE assignment is needed.

[manus-use]

Update: The maintainer has already acknowledged and escalated the advisory to engineering. Will follow up directly on the GHSA if CVE assignment is needed.