Langflow, an open-source AI workflow platform, contains a critical missing authentication vulnerability (CVE-2026-21445, CVSS 9.1, CWE-306) affecting all versions prior to 1.7.0.dev45, allowing unauthenticated remote access to user conversation data and transaction histories, and permitting destructive message deletion without credentials. This vulnerability is confirmed actively exploited and listed on both the CISA KEV and VulnCheck KEV catalogs. Organizations should immediately restrict network access to Langflow instances, upgrade to version 1.7.0.dev45 or later, and audit conversation and transaction logs for evidence of unauthorized access during the exposure window.