CVE-2026-4503
The IBM advisories for CVE-2026-4503 describe an unauthenticated IDOR in Langflow’s image download endpoint. Affected: Langflow OSS/Desktop 1.0.0–1.8.4. Vulnerable component: image retrieval endpoint (GET /api/v1/files/images/{flow_id}/{file_name}) that fails to enforce authentication/ownership, ...