Severity by source

Primary rating from vendor (IBM): AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Network-reachable API, low complexity, requires any authenticated account (PR:L), no UI; IDOR enables reading and modifying other users' sensitive objects (C:H/I:H) but no availability impact.

CVSS vector (NVD): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Description (NVD)
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
Analysis (AI)
Insecure direct object reference (IDOR) in IBM Langflow OSS 1.0.0 through 1.9.1 allows an authenticated user to read or modify sensitive resources belonging to other users by manipulating object identifiers. The flaw carries a CVSS 8.1 (High) rating due to high confidentiality and integrity impact over the network, though EPSS exploitation probability remains low at 0.04% and there is no public exploit identified at time of analysis. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires a valid authenticated Langflow OSS account on a vulnerable 1.0.0-1.9.1 instance (PR:L) and network reachability to the Langflow web API, plus knowledge or guessing of another object's identifier; sequential or UUID-with-leak patterns make enumeration practical. … |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N indicates a network-reachable, low-complexity attack requiring only a low-privileged authenticated account and no user interaction, which is realistic for any multi-tenant or shared Langflow deployment. … |
| Exploit Scenario | An attacker registers or compromises any low-privileged Langflow account, then issues authenticated API requests substituting another user's flow, component, or credential ID in the URL or JSON body to read or overwrite that object. Because the platform stores LLM prompts, API keys, and workflow logic, a single iterated script can exfiltrate or tamper with every tenant's flows in minutes; no public exploit code has been identified at time of analysis, but the IDOR pattern is well-understood and trivially weaponizable. |
| Remediation | Apply the patch available per IBM's vendor advisory at https://www.ibm.com/support/pages/node/7275453, which addresses the IDOR by enforcing per-object authorization checks; upgrade beyond Langflow OSS 1.9.1 to the fixed build identified in that bulletin. … |
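The remediation row says the fix works by enforcing per-object authorization checks. The following is an added illustration of what that check looks like in an object-lookup layer; it is example code written for this page, not Langflow's or IBM's own code, and it does not reflect how Langflow actually stores flows. The `FlowStore`, the `Flow` model, the user names and the `api_key_ref` values are all constructed sample data. The insecure lookup keys only on the client-supplied id (the IDOR pattern), while the hardened lookup makes the requesting user's ownership part of the predicate, so a foreign id is indistinguishable from a missing one.

```python
"""Per-object authorization check versus an IDOR-prone lookup.

Constructed example: an in-memory store standing in for a flow table.
Not Langflow's code; the model and ids below are made up for the demo.
"""
from __future__ import annotations

import uuid
from dataclasses import dataclass, field


class NotFound(Exception):
    """Raised for missing *and* foreign objects. Returning the same error in
    both cases keeps the API from confirming that another user's id exists."""


@dataclass
class Flow:
    id: str
    owner_id: str
    name: str
    data: dict = field(default_factory=dict)


class FlowStore:
    def __init__(self) -> None:
        self._flows: dict[str, Flow] = {}

    def add(self, owner_id: str, name: str, data: dict) -> Flow:
        # Random UUIDs make blind guessing impractical, but as the assessment
        # above notes, a leaked id still works against an unscoped lookup.
        flow = Flow(id=str(uuid.uuid4()), owner_id=owner_id, name=name, data=dict(data))
        self._flows[flow.id] = flow
        return flow

    # --- vulnerable pattern: authentication happened, authorization did not ---
    def get_insecure(self, current_user_id: str, flow_id: str) -> Flow:
        flow = self._flows.get(flow_id)
        if flow is None:
            raise NotFound(flow_id)
        return flow  # current_user_id is never compared with flow.owner_id

    def update_insecure(self, current_user_id: str, flow_id: str, data: dict) -> Flow:
        flow = self.get_insecure(current_user_id, flow_id)
        flow.data = dict(data)
        return flow

    # --- hardened pattern: ownership is part of the lookup predicate ---
    def get_secure(self, current_user_id: str, flow_id: str) -> Flow:
        flow = self._flows.get(flow_id)
        if flow is None or flow.owner_id != current_user_id:
            raise NotFound(flow_id)
        return flow

    def update_secure(self, current_user_id: str, flow_id: str, data: dict) -> Flow:
        flow = self.get_secure(current_user_id, flow_id)
        flow.data = dict(data)
        return flow


def build_sample_store() -> tuple[FlowStore, Flow, Flow]:
    """Two tenants, each with one flow (constructed data)."""
    store = FlowStore()
    alice = store.add("alice", "alice-rag", {"api_key_ref": "vault://alice/openai"})
    bob = store.add("bob", "bob-agent", {"api_key_ref": "vault://bob/openai"})
    return store, alice, bob


def demo() -> dict[str, bool]:
    """Exercise both code paths with bob supplying alice's flow id."""
    store, alice_flow, _bob_flow = build_sample_store()
    results: dict[str, bool] = {}

    # Read: the insecure path hands alice's object to bob.
    results["insecure_leaks"] = store.get_insecure("bob", alice_flow.id).owner_id == "alice"

    # Read: the hardened path reports not-found instead.
    try:
        store.get_secure("bob", alice_flow.id)
        results["secure_blocks"] = False
    except NotFound:
        results["secure_blocks"] = True

    # Write: the insecure path lets bob overwrite alice's stored data.
    store.update_insecure("bob", alice_flow.id, {"api_key_ref": "vault://bob/planted"})
    results["insecure_tamper"] = alice_flow.data["api_key_ref"] == "vault://bob/planted"

    # Write: the hardened path refuses, leaving the object untouched.
    try:
        store.update_secure("bob", alice_flow.id, {"api_key_ref": "vault://bob/again"})
        results["secure_tamper_blocked"] = False
    except NotFound:
        results["secure_tamper_blocked"] = alice_flow.data["api_key_ref"] == "vault://bob/planted"

    # The legitimate owner still has full access through the hardened path.
    results["owner_ok"] = store.get_secure("alice", alice_flow.id).name == "alice-rag"
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The design point is that the ownership filter lives in the data-access function, not in individual route handlers: every read, update and delete path then goes through the same scoped lookup, which is harder to forget than a per-endpoint `if flow.owner_id != user.id` check. Raising the same `NotFound` for foreign and missing ids is a deliberate choice so that an enumeration loop cannot use 403-versus-404 differences to map which ids exist.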
Recommended Action (AI)
24 hours: Inventory all IBM Langflow OSS instances running versions 1.0.0-1.9.1 and identify which systems process sensitive or regulated data. …
External POC / Exploit Code
EUVD-2026-36251
GHSA-gfrh-qj3c-qwrr