CVE-2026-10134
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process; read and modify every flow, conversation, message, file upload, and saved component in the Langflow database; connect to internal services; abuse cloud metadata endpoints; move laterally to other tenants on the same Langflow instance; and establish persistence by modifying the public flow's `tool_code` so that normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.
Analysis
IBM Langflow OSS has a critical code injection vulnerability that allows an attacker to read secrets, modify flows, and reach internal services or cloud metadata endpoints. An attacker can achieve persistence by modifying the code of public tools, which results in malicious code being executed every time a user builds a flow. Given its 10.0 rating, this flaw allows full compromise of the instance and of the data it processes.
Relevant roles
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-94
EPSS
No EPSS score yet (very recent CVE).