CVE-2026-6600

🗓️ 20 Apr 2026 03:15:12Reported by VulDBType

CVE-2026-6600: Langflow rendering allows remote cross-site scripting via edit-message.tsx up to 1.8.3.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-6600	20 Apr 202603:15	–	attackerkb
Circl	CVE-2026-6600	20 Apr 202608:08	–	circl
CNNVD	Langflow 安全漏洞	20 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting	20 Apr 202603:15	–	cvelist
EUVD	EUVD-2026-23764	20 Apr 202606:31	–	euvd
NVD	CVE-2026-6600	20 Apr 202604:16	–	nvd
Positive Technologies	PT-2026-33706	20 Apr 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting	20 Apr 202603:15	–	vulnrichment

Vulners

Node

langflow-ai langflowMatch1.8.0

langflow-ai langflowMatch1.8.1

langflow-ai langflowMatch1.8.2

langflow-ai langflowMatch1.8.3

[
  {
    "vendor": "langflow-ai",
    "product": "langflow",
    "versions": [
      {
        "version": "1.8.0",
        "status": "affected"
      },
      {
        "version": "1.8.1",
        "status": "affected"
      },
      {
        "version": "1.8.2",
        "status": "affected"
      },
      {
        "version": "1.8.3",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Frontend React Component Rendering"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/submit/791923
gist	www.gist.github.com/chenhouser2025/935aa5d4556264ba408059eec0960b1a
vuldb	www.vuldb.com/vuln/358235
vuldb	www.vuldb.com/vuln/358235/cti

29 Apr 2026 01:00Current

3.9Low risk

Vulners AI Score3.9

CVSS 3.13.5

CVSS 24

CVSS 45.1

CVSS 33.5

EPSS0.00034

SSVC