Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
AnalysisAI
Server-side request forgery (SSRF) in IBM Langflow Desktop 1.0.0 through 1.8.4 permits unauthenticated remote attackers to send arbitrary HTTP requests from the vulnerable system, enabling network enumeration, internal service probing, and facilitation of secondary attacks against backend infrastructure. CVSS 6.5 reflects moderate confidentiality and integrity impact without authentication barriers despite PR:N in vector.
Technical ContextAI
IBM Langflow Desktop is a desktop application for building and executing AI workflows using language models. The vulnerability resides in server-side request handling (CWE-918: Server-Side Request Forgery), where user-supplied input intended for local processing is instead passed directly to HTTP client libraries without proper validation or URL scheme/destination whitelisting. This allows attackers to craft malicious payloads that cause the application to initiate requests to arbitrary internal networks, private IP ranges, or restricted services that would be blocked if requested directly from the attacker's network. The CVSS vector (AV:N/AC:L/PR:N) indicates network-accessible SSRF with no authentication required and low attack complexity, suggesting the vulnerable endpoint is reachable via HTTP/HTTPS without prior compromise.
RemediationAI
Upgrade IBM Langflow Desktop to version 1.8.5 or later, which includes the SSRF validation fixes per IBM security advisory (https://www.ibm.com/support/pages/node/7271096). Users unable to upgrade immediately should implement network-level mitigations: restrict outbound HTTP/HTTPS traffic from Langflow Desktop to explicitly whitelisted internal services only (use firewall rules, network policy, or proxy authentication); block access to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16) and link-local addresses (127.0.0.0/8, ::1/128) at the egress firewall to prevent enumeration of internal infrastructure; disable or isolate Langflow Desktop instances from direct connectivity to sensitive internal services (Kubernetes API, cloud metadata endpoints, SSH, RDP, database ports). Note that network restrictions do not eliminate the vulnerability but reduce exploitability in shared or untrusted environments.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26419