CVSS 10.0 · CRITICAL

CVE-2026-10134

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.

View on NVD

Analysis

IBM Langflow OSS has a critical code injection vulnerability that allows an attacker to read secrets, modify flows, and reach internal services or cloud metadata endpoints. An attacker can gain persistence by modifying the code of public tools, so that malicious code runs every time a user builds a flow. Given its 10.0 rating, this flaw allows complete compromise of the instance and of the data it processes.

Relevant roles

AI, Python, Machine Learning, Data Science, Cloud, Cyber Security

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-94

EPSS

No EPSS score yet (very recent CVE).


Published: 30/6/2026, 20:17:26
Last modified: 30/6/2026, 20:17:26
