3 matches found
CVE-2026-9135
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...
CVE-2026-9135
CVE-2026-9135 affects IBM Langflow OSS versions 1.0.0–1.10.0. The vulnerability lies in the Policies component’s ToolGuard integration: validation only checks the main component code field (node_template["code"]["value"]) and does not validate dynamic CodeInput fields that store generated ToolGua...
Security Bulletin: Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation
Summary A validation bypass existed in the flow component code verification mechanism. The custom component policy enforcement validated only the main component code field but did not extend validation to dynamic CodeInput fields used by the Policies component. An authenticated user could craft a...