CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

EUVD-2026-38281

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

CVE-2026-7787

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

CVE-2026-3341 IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-3341 IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

EUVD-2026-36251

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

IBM Langflow 安全漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.1 of IBM Langflow contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow...

PT-2026-48674

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

CVE-2026-7528

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

CVE-2026-3345

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2026-7528

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...

IBM Langflow 资源管理错误漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.0 of IBM Langflow contain resource management vulnerabilities. These vulnerabilities stem from uncontrolled resource consumption, which ma...

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

CVE-2026-3345

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2026-4503

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-3346

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...