cvebase

IBM Langflow OSS vulnerabilities

17 known vulnerabilities affecting ibm/langflow_oss.

Total CVEs: 17
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 7

Vulnerabilities

CVE-2026-10561 | P2 | CRITICAL | CVSS 10.0 | affected ≥ 1.0.0, ≤ 1.9.3 | 2026-06-22
CWE-94: IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise
Source: nvd
CVE-2026-7524 | P2 | CRITICAL | CVSS 9.8 | affected ≥ 1.0.0, ≤ 1.9.1 | 2026-05-27
CWE-22: IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
Source: nvd
CVE-2026-7664 | P2 | CRITICAL | CVSS 9.8 | affected ≥ 1.0.0, ≤ 1.8.4 | 2026-06-22
CWE-287: IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
Source: nvd
CVE-2026-10134 | P2 | CRITICAL | CVSS 10.0 | affected ≥ 1.0.0, ≤ 1.9.3 | 2026-06-30
CWE-94: IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance,
Source: nvd
CVE-2026-7873 | P2 | CRITICAL | CVSS 9.9 | affected ≥ 1.0.0, ≤ 1.10.0 | 2026-06-30
CWE-94: IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
Source: nvd
CVE-2026-7803 | P2 | CRITICAL | CVSS 9.8 | affected ≥ 1.0.0, ≤ 1.10.0 | 2026-06-30
CWE-20: IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.
Source: nvd
CVE-2026-7663 | P3 | CRITICAL | CVSS 9.1 | affected ≥ 1.0.0, ≤ 1.9.6 | 2026-06-30
CWE-285: IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
Source: nvd
CVE-2026-7871 | P3 | CRITICAL | CVSS 9.8 | affected ≥ 1.0.0, ≤ 1.10.0 | 2026-06-30
CWE-502: IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
Source: nvd
CVE-2026-10140 | P3 | CRITICAL | CVSS 9.6 | affected ≥ 1.0.0, ≤ 1.10.0 | 2026-06-30
CWE-639: IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misa
Source: nvd
CVE-2026-10129 | P3 | HIGH | CVSS 8.5 | affected ≥ 1.0.0, ≤ 1.9.3 | 2026-06-30
CWE-918: IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost ad
Source: nvd
CVE-2026-7874 | P3 | CRITICAL | CVSS 9.1 | affected ≥ 1.0.0, ≤ 1.10.0 | 2026-06-30
CWE-338: IBM Langflow OSS 1.0.0 through 1.10.0 could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
Source: nvd
CVE-2026-10564 | P3 | HIGH | CVSS 8.2 | affected ≥ 1.0.0, ≤ 1.9.6 | 2026-06-30
CWE-918: IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including
Source: nvd
CVE-2026-10560 | P3 | HIGH | CVSS 8.2 | affected ≥ 1.0.0, ≤ 1.9.6 | 2026-06-30
CWE-287: IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service.
Source: nvd
CVE-2026-6542 | P3 | HIGH | CVSS 8.1 | affected ≥ 1.0.0, ≤ 1.8.4 | 2026-04-30
CWE-639: IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.
Source: nvd
CVE-2026-7787 | P3 | HIGH | CVSS 8.1 | affected ≥ 1.0.0, ≤ 1.9.1 | 2026-06-11
CWE-639: IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
Source: nvd
CVE-2026-7528 | P3 | HIGH | CVSS 7.5 | affected ≥ 1.0.0, ≤ 1.9.0 | 2026-05-27
CWE-400: IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
Source: nvd
CVE-2026-10546 | P4 | HIGH | CVSS 7.1 | affected ≥ 1.0.0, ≤ 1.9.3 | 2026-06-30
CWE-918: IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component (src/lfx/src/lfx/components/data_source/url.py) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding.
Source: nvd