CVSS 7.5 · HIGH
CVE-2026-4503
IBM Langflow Desktop 1.0.0 through 1.8.4 could allow an unauthenticated user to view other users' images due to an insecure direct object reference through a user-controlled key.
Analysis
IBM Langflow Desktop versions 1.0.0 through 1.8.4 contain an Insecure Direct Object Reference (IDOR) vulnerability. An unauthenticated attacker can exploit this to view images belonging to other users by providing a user-controlled key in requests.
Severity
Score: 7.5 (HIGH)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness type (CWE):
CWE-639
EPSS
Exploitation probability (next 30 days): 0.0005 (0.1%)
Percentile: 16.1%
EPSS date: 2026-05-06
Technical description
IBM Langflow Desktop 1.0.0 through 1.8.4 could allow an unauthenticated user to view other users' images due to an insecure direct object reference through a user-controlled key.
Published: 30/4/2026, 21:16:33
Last modified: 1/5/2026, 15:27:15