Lucene search
+L

5 matches found

NVD
NVD
added 2 hours ago3 views

CVE-2026-9135

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS
Exploits0References1
CVE
CVE
added 2 hours ago12 views

CVE-2026-9135

CVE-2026-9135 affects IBM Langflow OSS versions 1.0.0–1.10.0. The vulnerability lies in the Policies component’s ToolGuard integration: validation only checks the main component code field (node_template["code"]["value"]) and does not validate dynamic CodeInput fields that store generated ToolGua...

9.9CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago8 views

CVE-2026-9135 Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS
Exploits0References1
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-45257

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS6.1AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:22 p.m.7 views

Security Bulletin: Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

Summary A validation bypass existed in the flow component code verification mechanism. The custom component policy enforcement validated only the main component code field but did not extend validation to dynamic CodeInput fields used by the Policies component. An authenticated user could craft a...

9.9CVSS6.4AI score
Exploits0Affected Software1
Rows per page
Query Builder