5 matches found
CVE-2026-7754 SSRF Protection Configuration Vulnerability
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery SSRF due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism...
PT-2026-60863
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Authenticated users can override component parameters at runtime via the API. This is caused by a flaw in the parameter filtering mechanism within the apply tweaks function...
Security Bulletin: MCP Server Configuration Validator Bypass via File Upload API
Summary A validation bypass vulnerability existed in the File Manager API that could allow an authenticated attacker to upload malicious MCP server configurations. The file upload endpoint accepted mcpservers.json files without invoking the MCPServerConfig validator, while the structured MCP API...
CVE-2026-7873 Code Injection Vulnerability in Code Validation Endpoint
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...
PT-2026-53950
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Langflow uses a weak and reversible key derivation mechanism for encryption at rest, which could lead to the disclosure of all stored credentials. Recommendations At the moment, there ...