IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Project Subscriptions

Vendors Products
Langflow Oss Subscribe
Advisories

No advisories yet.

Fixes

Solution

IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.2


Workaround

No workaround given by the vendor.

History

Fri, 17 Jul 2026 21:00:00 +0000

Type Values Removed Values Added
Description IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Title Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints
First Time appeared Ibm
Ibm langflow Oss
Weaknesses CWE-798
CPEs cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:langflow_oss:1.10.1:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm langflow Oss
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-07-17T20:43:49.355Z

Reserved: 2026-06-26T16:43:04.516Z

Link: CVE-2026-13446

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-17T22:30:04Z

Weaknesses