3 matches found
CVE-2026-9135
CVE-2026-9135 affects IBM Langflow OSS versions 1.0.0–1.10.0. The vulnerability lies in the Policies component’s ToolGuard integration: validation only checks the main component code field (node_template["code"]["value"]) and does not validate dynamic CodeInput fields that store generated ToolGua...
CVE-2026-9135 Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...
EUVD-2026-45257
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...