Skip to main content

IBM Langflow Desktop CVE-2026-3341

| EUVDEUVD-2026-36254 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-11 ibm GHSA-wvfv-3qjh-qwxj
5.4
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
MEDIUM
qualitative
NVD
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

Network-accessible SSRF requiring low-privilege authentication (PR:L); limited confidentiality and integrity impact from unauthorized request forwarding; no availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 11, 2026 - 15:48 vuln.today

DescriptionNVD

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

AnalysisAI

Server-side request forgery in IBM Langflow Desktop 1.0.0 through 1.9.2 enables authenticated network-based attackers to coerce the application into issuing arbitrary outbound HTTP requests on their behalf. The vulnerability, classified under CWE-918, can expose internal network topology by proxying requests through the server to otherwise inaccessible hosts, and may serve as a stepping stone for further lateral movement or credential harvesting from cloud metadata services. No public exploit code has been identified at time of analysis, and a vendor-released patch is available via IBM advisory.

Technical ContextAI

IBM Langflow Desktop is a visual, flow-based development environment for constructing AI and large-language-model pipelines. CWE-918 (Server-Side Request Forgery) arises when an application fetches a remote resource based on user-supplied input without sufficiently validating or restricting the target URL, allowing the application server itself to act as an unintended proxy. In this context, attacker-controlled URLs can be directed at internal RFC-1918 addresses, localhost services, or cloud instance metadata endpoints (e.g., 169.254.169.254), bypassing perimeter controls. The affected CPE is cpe:2.3:a:ibm:langflow_desktop:*:*:*:*:*:*:*:*, covering all Desktop releases from 1.0.0 through 1.9.2. The CVSS vector AV:N/AC:L/PR:L reflects that the attack surface is the network-accessible application interface and only low-privileged credentials are needed.

RemediationAI

Patch available per vendor advisory - apply the update referenced at https://www.ibm.com/support/pages/node/7275444 as the primary remediation step; the exact patched version number is not specified in the available input data and should be confirmed directly from that advisory. If immediate patching is not feasible, restrict outbound network egress from the host running IBM Langflow Desktop using host-based firewall rules or network-layer controls to deny connections to RFC-1918 address ranges, loopback, and cloud metadata IP ranges (e.g., 169.254.169.254, 100.100.100.200); note that this may interfere with legitimate external integrations in Langflow workflows. Additionally, enforce least-privilege access controls to limit which users can authenticate to the Langflow Desktop interface, reducing the pool of potential attackers.

Share

CVE-2026-3341 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy