CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting

🗓️ 20 Apr 2026 03:15:12Reported by VulDBType

CVE-2026-6600 in LangFlow up to 1.8.3 enables remote cross-site scripting via edit-message.tsx.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-6600	20 Apr 202603:15	–	attackerkb
Circl	CVE-2026-6600	20 Apr 202608:08	–	circl
CNNVD	Langflow 安全漏洞	20 Apr 202600:00	–	cnnvd
CVE	CVE-2026-6600	20 Apr 202603:15	–	cve
EUVD	EUVD-2026-23764	20 Apr 202606:31	–	euvd
NVD	CVE-2026-6600	20 Apr 202604:16	–	nvd
Positive Technologies	PT-2026-33706	20 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-6600	5 Jun 202619:47	–	redhatcve
Vulnrichment	CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting	20 Apr 202603:15	–	vulnrichment

[
  {
    "vendor": "langflow-ai",
    "product": "langflow",
    "versions": [
      {
        "version": "1.8.0",
        "status": "affected"
      },
      {
        "version": "1.8.1",
        "status": "affected"
      },
      {
        "version": "1.8.2",
        "status": "affected"
      },
      {
        "version": "1.8.3",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Frontend React Component Rendering"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/submit/791923
gist	www.gist.github.com/chenhouser2025/935aa5d4556264ba408059eec0960b1a
vuldb	www.vuldb.com/vuln/358235
vuldb	www.vuldb.com/vuln/358235/cti

20 Apr 2026 03:15Current

CVSS 3.13.5

CVSS 33.5

CVSS 24

CVSS 45.1

EPSS0.00034