CVE-2026-3345

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2026-7528

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...

IBM Langflow 资源管理错误漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.0 of IBM Langflow contain resource management vulnerabilities. These vulnerabilities stem from uncontrolled resource consumption, which ma...

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

CVE-2026-3345

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2026-4503

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-3346

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2026-6542

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...

EUVD-2026-26447

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...

CVE-2026-6542

IBM Langflow OSS 1.0.0–1.8.4 is vulnerable to an authorization bypass in the Monitor API: any authenticated user can supply a flow_id to read another user’s transaction logs and vertex build data, and can delete persisted vertex build data for another user’s flow. Root cause cited as missing owne...

CVE-2026-3345 Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-4502

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVE-2026-4503

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...

PT-2026-36188

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.6.0 through 1.8.4 Description Stored cross-site scripting occurs when an authenticated user embeds arbitrary JavaScript code in the Web UI. This can alter the intended functionality and potentially lead to the...

IBM Langflow Desktop 代码注入漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow Desktop contain a code injection vulnerability. This vulnerability allows attackers to execute arbitrary commands with privileges to run the Langflow process,...

PT-2026-36194

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions prior to 1.8.5 Description An issue allows a remote attacker to perform directory traversal on the system. By sending a specially crafted URL request containing "dot dot" sequences /../, an attacker can view...

IBM Langflow 安全漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow contain security vulnerabilities. These vulnerabilities allow any user to access the flowid, read other users’ transacti...