24h | 7d | 30d

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
02 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.31%

KEV

Description

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 9h ago
Showing 51 to 55 of 55 CVEs