IBM Langflow Desktop vulnerabilities
8 known vulnerabilities affecting ibm/langflow_desktop.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 5
Vulnerabilities
CVE-2026-6543 | P2 | HIGH | CVSS 8.8 | CWE-94 | ≥ 1.0.0, ≤ 1.8.4 | 2026-04-30
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.
nvd
CVE-2026-3357 | P2 | HIGH | CVSS 8.8 | CWE-502 | ≥ 1.6.0, ≤ 1.8.2 | 2026-04-08
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
nvd
CVE-2026-4503 | P3 | HIGH | CVSS 7.5 | CWE-639 | ≥ 1.0.0, ≤ 1.8.4 | 2026-04-30
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.
nvd
CVE-2026-3345 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≤ 1.8.4 | 2026-04-30
IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
nvd
CVE-2026-4502 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ 1.2.0, ≤ 1.8.4 | 2026-04-30
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
nvd
CVE-2026-3340 | P3 | MEDIUM | CVSS 6.5 | CWE-918 | ≥ 1.0.0, ≤ 1.8.4 | 2026-04-30
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
nvd
CVE-2026-3346 | P4 | MEDIUM | CVSS 6.4 | CWE-89 | ≥ 1.6.0, ≤ 1.8.4 | 2026-04-30
IBM Langflow Desktop 1.6.0 through 1.8.4 Langflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
nvd
CVE-2026-3341 | P4 | MEDIUM | CVSS 5.4 | CWE-918 | ≥ 1.0.0, ≤ 1.9.2 | 2026-06-11
IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
nvd