Lucene search
+L

5 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2026-9103 Unauthenticated Superuser Token Issuance via Auto-Login Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/autologin endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTOLOGIN configuration is enabl...

9.8CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45236

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS5.5AI score
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60833

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto login mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS5.5AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:29 p.m.7 views

Security Bulletin: Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

Summary A vulnerability allowed unauthenticated attackers to achieve remote code execution on default-configured instances. The vulnerability combined two distinct issues: an unauthenticated endpoint that issued superuser bearer tokens to any network caller, and a code validation endpoint that...

9.8CVSS6.6AI score
Exploits0Affected Software1
Rows per page
Query Builder