CVE-2026-10129
CVE-2026-10129 affects IBM Langflow OSS 1.0.0–1.9.3. A SSRF protection bypass exists in the API Request component: with a low-privilege flow author, an attacker can enable follow_redirects and supply a public URL that redirects to internal/localhost addresses. The app validates only the initial U...