# Fixed version that closes the CVE-2026-33017 stored-data bypass # Discovered via image build metadata (pip version) + release-tag resolution. image=langflowai/langflow:1.10.1 pip_version=1.10.1 release_tag=v1.10.1 commit_sha=a66b75ac2603b26988fb6be95303fdc61f807190 closing_commit=626365f088379236776e0d72f7d18c9094e43ebb closing_commit_subject=fix(security): run trusted server code on unauthenticated public flow builds (#13540) bypass_reproduces_on_this_version=false (exploit_status=400, no proof; both attempts)