Vulnerabilities
Vulnerable Software
Langflow:  >> Langflow  >> 1.10.0  Security Vulnerabilities
IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-06-30
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-06-30
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
CVSS Score
9.9
EPSS Score
0.003
Published
2026-06-30
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
CVSS Score
9.1
EPSS Score
0.002
Published
2026-06-30
IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.
CVSS Score
9.6
EPSS Score
0.002
Published
2026-06-30


Contact Us

Shodan ® - All rights reserved