CVSS 6.5 · MEDIUM
CVE-2026-6542
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.
View on NVDSeverity
Score: 6.5(MEDIUM)
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NAV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness (CWE):
CWE-639EPSS
Probability of exploitation (next 30 days): 0.0003 (0.0%)
Percentile: 8.0%
EPSS: 2026-05-06
Affects
langflow:langflowTechnical description
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.
Published: 4/30/2026, 10:16:26 PM
Last modified: 5/4/2026, 6:21:23 PM