Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
AnalysisAI
Denial of service in IBM Langflow OSS 1.0.0 through 1.9.0 lets a low-privileged, authenticated remote attacker drive uncontrolled resource consumption (CWE-400) to degrade or crash the service, with a high availability impact and a minor confidentiality exposure per the CVSS vector. The flaw is network-reachable, requires no user interaction, and needs only a low-privilege account. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and no EPSS score was supplied.
Technical ContextAI
Langflow is an open-source, Python-based low-code/visual framework for building LLM- and agent-driven applications, exposing a web API and UI for composing and running flows. The root cause is classified as CWE-400 (Uncontrolled Resource Consumption), a class of bug where the application fails to bound the CPU, memory, threads, connections, or other resources consumed in response to attacker-influenced input or requests, allowing a relatively small amount of effort to exhaust available capacity. The advisory does not name the specific endpoint, flow operation, or parser at fault, and no CPE strings were provided to pin the exact build, so the precise resource-exhaustion sink is not confirmed from the available data.
RemediationAI
No exact fixed version is stated in the provided data, so consult the IBM security bulletin at https://www.ibm.com/support/pages/node/7273427 for the vendor-released patched build and upgrade beyond 1.9.0 once confirmed (treat the bulletin as 'patch available per vendor advisory'; the specific fix version is not independently confirmed here). As compensating controls until patched: restrict network access to the Langflow API/UI to trusted networks or place it behind a VPN/reverse proxy, since the vector is AV:N; enforce per-account rate limiting and request size/timeout limits at the proxy to blunt resource exhaustion (trade-off: may throttle legitimate heavy flows); apply OS- or container-level resource quotas (CPU/memory cgroups, restart-on-OOM) to contain impact and recover automatically (trade-off: a crash-loop still interrupts service); and tighten account provisioning so low-privilege accounts are not handed to untrusted users, given the PR:L requirement.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32495
GHSA-vppx-25hc-f892