Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    34 vulnerabilities found for Langflow OSS by IBM

    CVE-2026-7874 (GCVE-0-2026-7874)

    Vulnerability from nvd – Published: 2026-06-30 19:11 – Updated: 2026-06-30 19:40
    VLAI
    Title
    Weak Cryptographic Key Derivation Exposed All Stored Credentials
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278447 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Akshat Sinha (akshatgit) akshat14132@iiitd.ac.in https://github.com/akshatgit, (Kolega.dev ) kolega-ai-dev https://kolega.dev/, Christopher Lusk (north-echo) www.northecho.dev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T19:39:22.263541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T19:40:24.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Akshat Sinha (akshatgit) akshat14132@iiitd.ac.in https://github.com/akshatgit, (Kolega.dev ) kolega-ai-dev https://kolega.dev/, Christopher Lusk (north-echo) www.northecho.dev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:11:43.653Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278447"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1"
            }
          ],
          "title": "Weak Cryptographic Key Derivation Exposed All Stored Credentials",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7874",
        "datePublished": "2026-06-30T19:11:43.653Z",
        "dateReserved": "2026-05-05T14:23:39.800Z",
        "dateUpdated": "2026-06-30T19:40:24.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7873 (GCVE-0-2026-7873)

    Vulnerability from nvd – Published: 2026-06-30 19:13 – Updated: 2026-07-01 17:27
    VLAI
    Title
    Code Injection Vulnerability in Code Validation Endpoint
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278441 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7873",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:55:58.606839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:51.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:13:16.331Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278441"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Code Injection Vulnerability in Code Validation Endpoint",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7873",
        "datePublished": "2026-06-30T19:13:16.331Z",
        "dateReserved": "2026-05-05T14:20:51.355Z",
        "dateUpdated": "2026-07-01T17:27:51.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7871 (GCVE-0-2026-7871)

    Vulnerability from nvd – Published: 2026-06-30 19:14 – Updated: 2026-07-01 17:27
    VLAI
    Title
    Insecure Deserialization in Redis Cache Backend
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278443 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7871",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:55:59.702565Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:39.903Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:14:39.815Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278443"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Insecure Deserialization in Redis Cache Backend",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7871",
        "datePublished": "2026-06-30T19:14:39.815Z",
        "dateReserved": "2026-05-05T14:14:39.413Z",
        "dateUpdated": "2026-07-01T17:27:39.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7803 (GCVE-0-2026-7803)

    Vulnerability from nvd – Published: 2026-06-30 19:15 – Updated: 2026-07-01 03:56
    VLAI
    Title
    Flow Validation Bypass via Empty Component Type Field
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278445 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Jacques Artelle ottawapm.jack@gmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7803",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T03:56:00.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jacques Artelle  ottawapm.jack@gmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:15:45.194Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278445"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Flow Validation Bypass via Empty Component Type Field",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7803",
        "datePublished": "2026-06-30T19:15:45.194Z",
        "dateReserved": "2026-05-04T20:01:10.281Z",
        "dateUpdated": "2026-07-01T03:56:00.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7663 (GCVE-0-2026-7663)

    Vulnerability from nvd – Published: 2026-06-30 19:16 – Updated: 2026-07-01 03:56
    VLAI
    Title
    Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277570 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.6 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T03:56:01.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.6",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:16:25.323Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277570"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7663",
        "datePublished": "2026-06-30T19:16:25.323Z",
        "dateReserved": "2026-05-01T19:43:15.220Z",
        "dateUpdated": "2026-07-01T03:56:01.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10564 (GCVE-0-2026-10564)

    Vulnerability from nvd – Published: 2026-06-30 19:51 – Updated: 2026-07-01 14:48
    VLAI
    Title
    SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277995 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.6 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10564",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:48:29.169502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:48:45.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.6",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:51:55.253Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277995"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10564",
        "datePublished": "2026-06-30T19:51:55.253Z",
        "dateReserved": "2026-06-01T16:26:04.641Z",
        "dateUpdated": "2026-07-01T14:48:45.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10560 (GCVE-0-2026-10560)

    Vulnerability from nvd – Published: 2026-06-30 19:53 – Updated: 2026-07-01 14:29
    VLAI
    Title
    Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277996 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.6 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10560",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:49:50.805610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:29:49.766Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.6",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:53:20.632Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277996"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10560",
        "datePublished": "2026-06-30T19:53:20.632Z",
        "dateReserved": "2026-06-01T15:10:29.825Z",
        "dateUpdated": "2026-07-01T14:29:49.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10546 (GCVE-0-2026-10546)

    Vulnerability from nvd – Published: 2026-06-30 19:54 – Updated: 2026-07-01 13:23
    VLAI
    Title
    DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/data_source/url.py ) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277560 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10546",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:23:44.164968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:23:53.332Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/data_source/url.py ) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/data_source/url.py ) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:54:21.177Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277560"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10546",
        "datePublished": "2026-06-30T19:54:21.177Z",
        "dateReserved": "2026-06-01T13:00:40.177Z",
        "dateUpdated": "2026-07-01T13:23:53.332Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10140 (GCVE-0-2026-10140)

    Vulnerability from nvd – Published: 2026-06-30 19:55 – Updated: 2026-07-01 14:02
    VLAI
    Title
    Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278209 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:02:07.641200Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:02:22.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:55:31.022Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278209"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10140",
        "datePublished": "2026-06-30T19:55:31.022Z",
        "dateReserved": "2026-05-29T18:50:47.154Z",
        "dateUpdated": "2026-07-01T14:02:22.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10134 (GCVE-0-2026-10134)

    Vulnerability from nvd – Published: 2026-06-30 19:56 – Updated: 2026-07-01 17:27
    VLAI
    Title
    Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277559 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:56:03.770824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:28.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow\u0027s `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow\u0027s `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:56:52.069Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277559"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10134",
        "datePublished": "2026-06-30T19:56:52.069Z",
        "dateReserved": "2026-05-29T18:38:25.306Z",
        "dateUpdated": "2026-07-01T17:27:28.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10129 (GCVE-0-2026-10129)

    Vulnerability from nvd – Published: 2026-06-30 19:59 – Updated: 2026-07-01 15:56
    VLAI
    Title
    SSRF via HTTP Redirect Following in Langflow API Request Component
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277561 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10129",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:56:36.122527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:56:50.010Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:59:59.556Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277561"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "SSRF via HTTP Redirect Following in Langflow API Request Component",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10129",
        "datePublished": "2026-06-30T19:59:59.556Z",
        "dateReserved": "2026-05-29T18:24:56.422Z",
        "dateUpdated": "2026-07-01T15:56:50.010Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7664 (GCVE-0-2026-7664)

    Vulnerability from nvd – Published: 2026-06-22 14:10 – Updated: 2026-06-23 18:48
    VLAI
    Title
    Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS
    Summary
    IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277243 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.8.4 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.8.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7664",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T03:55:59.093462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T18:48:23.307Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.8.4:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.4",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T14:10:25.584Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277243"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.9.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.9.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7664",
        "datePublished": "2026-06-22T14:10:25.584Z",
        "dateReserved": "2026-05-01T19:46:59.287Z",
        "dateUpdated": "2026-06-23T18:48:23.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10561 (GCVE-0-2026-10561)

    Vulnerability from nvd – Published: 2026-06-22 13:22 – Updated: 2026-06-23 18:48
    VLAI
    Title
    Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277242 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10561",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T03:55:46.829544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T18:48:33.682Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:22:07.628Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277242"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.9.4\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.9.4 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10561",
        "datePublished": "2026-06-22T13:22:07.628Z",
        "dateReserved": "2026-06-01T15:41:38.211Z",
        "dateUpdated": "2026-06-23T18:48:33.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7787 (GCVE-0-2026-7787)

    Vulnerability from nvd – Published: 2026-06-11 14:41 – Updated: 2026-06-11 16:08
    VLAI
    Title
    Unauthenticated Session History Access via Public Flow Execution
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7275453 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.1 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T16:08:19.245587Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T16:08:51.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.1:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T14:41:21.549Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7275453"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.9.2\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.9.2 https://pypi.org/project/langflow/ ."
            }
          ],
          "title": "Unauthenticated Session History Access via Public Flow Execution",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7787",
        "datePublished": "2026-06-11T14:41:21.549Z",
        "dateReserved": "2026-05-04T16:07:56.098Z",
        "dateUpdated": "2026-06-11T16:08:51.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7528 (GCVE-0-2026-7528)

    Vulnerability from nvd – Published: 2026-05-27 13:16 – Updated: 2026-05-27 15:30
    VLAI
    Title
    Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273427 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    This vulnerability was reported to IBM by Ori Lahav (Rubrik Inc.) orilahav@tauex.tau.ac.il.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7528",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:30:33.573721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:30:41.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "This vulnerability was reported to IBM by Ori Lahav (Rubrik Inc.) orilahav@tauex.tau.ac.il."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:16:21.010Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273427"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.9.2\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.9.2."
            }
          ],
          "title": "Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7528",
        "datePublished": "2026-05-27T13:16:21.010Z",
        "dateReserved": "2026-04-30T17:42:20.909Z",
        "dateUpdated": "2026-05-27T15:30:41.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7524 (GCVE-0-2026-7524)

    Vulnerability from nvd – Published: 2026-05-27 13:14 – Updated: 2026-05-28 13:26
    VLAI
    Title
    Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273426 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.1 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    This vulnerability was reported to IBM by Ori Lahav (Rubrik Inc.) orilahav@tauex.tau.ac.il.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T03:55:29.448956Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T13:26:42.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.1:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "This vulnerability was reported to IBM by Ori Lahav (Rubrik Inc.) orilahav@tauex.tau.ac.il."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:14:23.238Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273426"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.9.2\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.9.2 https://pypi.org/project/langflow/ ."
            }
          ],
          "title": "Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7524",
        "datePublished": "2026-05-27T13:14:23.238Z",
        "dateReserved": "2026-04-30T17:11:41.725Z",
        "dateUpdated": "2026-05-28T13:26:42.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10129 (GCVE-0-2026-10129)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:59 – Updated: 2026-07-01 15:56
    VLAI
    Title
    SSRF via HTTP Redirect Following in Langflow API Request Component
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277561 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10129",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:56:36.122527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:56:50.010Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:59:59.556Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277561"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "SSRF via HTTP Redirect Following in Langflow API Request Component",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10129",
        "datePublished": "2026-06-30T19:59:59.556Z",
        "dateReserved": "2026-05-29T18:24:56.422Z",
        "dateUpdated": "2026-07-01T15:56:50.010Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10134 (GCVE-0-2026-10134)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:56 – Updated: 2026-07-01 17:27
    VLAI
    Title
    Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277559 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:56:03.770824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:28.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow\u0027s `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow\u0027s `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:56:52.069Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277559"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10134",
        "datePublished": "2026-06-30T19:56:52.069Z",
        "dateReserved": "2026-05-29T18:38:25.306Z",
        "dateUpdated": "2026-07-01T17:27:28.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10140 (GCVE-0-2026-10140)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:55 – Updated: 2026-07-01 14:02
    VLAI
    Title
    Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278209 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:02:07.641200Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:02:22.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:55:31.022Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278209"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10140",
        "datePublished": "2026-06-30T19:55:31.022Z",
        "dateReserved": "2026-05-29T18:50:47.154Z",
        "dateUpdated": "2026-07-01T14:02:22.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10546 (GCVE-0-2026-10546)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:54 – Updated: 2026-07-01 13:23
    VLAI
    Title
    DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/data_source/url.py ) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277560 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10546",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:23:44.164968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:23:53.332Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/data_source/url.py ) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/data_source/url.py ) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:54:21.177Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277560"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10546",
        "datePublished": "2026-06-30T19:54:21.177Z",
        "dateReserved": "2026-06-01T13:00:40.177Z",
        "dateUpdated": "2026-07-01T13:23:53.332Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10560 (GCVE-0-2026-10560)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:53 – Updated: 2026-07-01 14:29
    VLAI
    Title
    Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277996 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.6 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10560",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:49:50.805610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:29:49.766Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.6",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:53:20.632Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277996"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10560",
        "datePublished": "2026-06-30T19:53:20.632Z",
        "dateReserved": "2026-06-01T15:10:29.825Z",
        "dateUpdated": "2026-07-01T14:29:49.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10564 (GCVE-0-2026-10564)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:51 – Updated: 2026-07-01 14:48
    VLAI
    Title
    SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277995 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.6 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10564",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:48:29.169502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:48:45.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.6",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:51:55.253Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277995"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10564",
        "datePublished": "2026-06-30T19:51:55.253Z",
        "dateReserved": "2026-06-01T16:26:04.641Z",
        "dateUpdated": "2026-07-01T14:48:45.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7663 (GCVE-0-2026-7663)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:16 – Updated: 2026-07-01 03:56
    VLAI
    Title
    Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277570 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.6 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T03:56:01.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.6",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:16:25.323Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277570"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.0\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7663",
        "datePublished": "2026-06-30T19:16:25.323Z",
        "dateReserved": "2026-05-01T19:43:15.220Z",
        "dateUpdated": "2026-07-01T03:56:01.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7803 (GCVE-0-2026-7803)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:15 – Updated: 2026-07-01 03:56
    VLAI
    Title
    Flow Validation Bypass via Empty Component Type Field
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278445 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Jacques Artelle ottawapm.jack@gmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7803",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T03:56:00.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jacques Artelle  ottawapm.jack@gmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:15:45.194Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278445"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Flow Validation Bypass via Empty Component Type Field",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7803",
        "datePublished": "2026-06-30T19:15:45.194Z",
        "dateReserved": "2026-05-04T20:01:10.281Z",
        "dateUpdated": "2026-07-01T03:56:00.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7871 (GCVE-0-2026-7871)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:14 – Updated: 2026-07-01 17:27
    VLAI
    Title
    Insecure Deserialization in Redis Cache Backend
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278443 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7871",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:55:59.702565Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:39.903Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:14:39.815Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278443"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Insecure Deserialization in Redis Cache Backend",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7871",
        "datePublished": "2026-06-30T19:14:39.815Z",
        "dateReserved": "2026-05-05T14:14:39.413Z",
        "dateUpdated": "2026-07-01T17:27:39.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7873 (GCVE-0-2026-7873)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:13 – Updated: 2026-07-01 17:27
    VLAI
    Title
    Code Injection Vulnerability in Code Validation Endpoint
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278441 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7873",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:55:58.606839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:51.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:13:16.331Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278441"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Code Injection Vulnerability in Code Validation Endpoint",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7873",
        "datePublished": "2026-06-30T19:13:16.331Z",
        "dateReserved": "2026-05-05T14:20:51.355Z",
        "dateUpdated": "2026-07-01T17:27:51.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7874 (GCVE-0-2026-7874)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:11 – Updated: 2026-06-30 19:40
    VLAI
    Title
    Weak Cryptographic Key Derivation Exposed All Stored Credentials
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278447 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Akshat Sinha (akshatgit) akshat14132@iiitd.ac.in https://github.com/akshatgit, (Kolega.dev ) kolega-ai-dev https://kolega.dev/, Christopher Lusk (north-echo) www.northecho.dev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T19:39:22.263541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T19:40:24.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Akshat Sinha (akshatgit) akshat14132@iiitd.ac.in https://github.com/akshatgit, (Kolega.dev ) kolega-ai-dev https://kolega.dev/, Christopher Lusk (north-echo) www.northecho.dev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:11:43.653Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278447"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1"
            }
          ],
          "title": "Weak Cryptographic Key Derivation Exposed All Stored Credentials",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7874",
        "datePublished": "2026-06-30T19:11:43.653Z",
        "dateReserved": "2026-05-05T14:23:39.800Z",
        "dateUpdated": "2026-06-30T19:40:24.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7664 (GCVE-0-2026-7664)

    Vulnerability from cvelistv5 – Published: 2026-06-22 14:10 – Updated: 2026-06-23 18:48
    VLAI
    Title
    Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS
    Summary
    IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277243 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.8.4 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.8.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7664",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T03:55:59.093462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T18:48:23.307Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.8.4:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.4",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T14:10:25.584Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277243"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.9.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.9.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7664",
        "datePublished": "2026-06-22T14:10:25.584Z",
        "dateReserved": "2026-05-01T19:46:59.287Z",
        "dateUpdated": "2026-06-23T18:48:23.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10561 (GCVE-0-2026-10561)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:22 – Updated: 2026-06-23 18:48
    VLAI
    Title
    Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277242 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.3 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10561",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T03:55:46.829544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T18:48:33.682Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:22:07.628Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277242"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.9.4\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.9.4 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10561",
        "datePublished": "2026-06-22T13:22:07.628Z",
        "dateReserved": "2026-06-01T15:41:38.211Z",
        "dateUpdated": "2026-06-23T18:48:33.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7787 (GCVE-0-2026-7787)

    Vulnerability from cvelistv5 – Published: 2026-06-11 14:41 – Updated: 2026-06-11 16:08
    VLAI
    Title
    Unauthenticated Session History Access via Public Flow Execution
    Summary
    IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7275453 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.9.1 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.9.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T16:08:19.245587Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T16:08:51.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.9.1:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T14:41:21.549Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7275453"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.9.2\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.9.2 https://pypi.org/project/langflow/ ."
            }
          ],
          "title": "Unauthenticated Session History Access via Public Flow Execution",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7787",
        "datePublished": "2026-06-11T14:41:21.549Z",
        "dateReserved": "2026-05-04T16:07:56.098Z",
        "dateUpdated": "2026-06-11T16:08:51.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }