# CVE-claimed-fixed version that is STILL vulnerable to the stored-data bypass # Discovered via image build metadata (pip version) + release-tag resolution. image=langflowai/langflow:1.9.0 pip_version=1.9.0 release_tag=v1.9.0 commit_sha=a47f2ad17eb662e940c550cfccb64a87dddd7e0b bypass_reproduces_on_this_version=true (exploit_status=200, proof written; both attempts) followup_fix_present=false (prepare_public_flow_build absent; commit 626365f088 NOT an ancestor)