Skip to main content

IBM Langflow EUVDEUVD-2026-40402

| CVE-2026-10546 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-30 psirt@us.ibm.com GHSA-phxc-h9ch-q3gg
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
vuln.today AI
7.1 HIGH

Network-reachable SSRF needing an authenticated user (PR:L) and a hard-to-win DNS-rebinding race (AC:H); SSRF crosses trust boundary (S:C) exposing internal data (C:H) with limited integrity impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

3
Severity Changed
Jul 02, 2026 - 16:52 NVD
HIGH MEDIUM
CVSS changed
Jul 02, 2026 - 16:52 NVD
7.1 (HIGH) 6.5 (MEDIUM)
Analysis Generated
Jun 30, 2026 - 20:32 vuln.today

DescriptionNVD

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/data_source/url.py ) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding.

AnalysisAI

Server-Side Request Forgery in IBM Langflow OSS 1.0.0 through 1.9.3 allows a low-privileged authenticated user to coerce the server into making attacker-controlled internal requests by abusing the URL data-source component, where a Time-of-Check/Time-of-Use race condition lets a hostname resolve to a safe address during validation and a private/internal address at fetch time (classic DNS rebinding). Exploitation is rated CVSS 7.1 with a scope change, reflecting that the server can be made to reach internal services beyond its own trust boundary; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged user
Delivery
Configure URL component with rebinding hostname
Exploit
Pass host allow-list validation (check)
Execution
Win DNS rebinding race before fetch (use)
Persist
Server requests internal/metadata endpoint
Impact
Exfiltrate internal response data

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated, low-privileged account on the Langflow instance (PR:L) and the ability to invoke the URL data-source component with an attacker-supplied URL. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N, score 7.1) tells a consistent story: network-reachable but requiring some privileges (PR:L, an authenticated user able to invoke the URL component) and high attack complexity (AC:H) because the DNS-rebinding race must be won reliably. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers or obtains a low-privileged Langflow account, builds a flow using the URL component, and points it at a hostname they control whose DNS alternates between a public IP (passing validation) and an internal target such as the cloud metadata service. By winning the TOCTOU race via rapid DNS rebinding, the server fetches internal-only data (e.g. …
Remediation Upgrade IBM Langflow OSS to a fixed release above 1.9.3 as specified in the IBM advisory at https://www.ibm.com/support/pages/node/7277560 (exact fixed version not stated in the available data - confirm against the advisory before deploying). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all Langflow OSS deployments and identify running versions (1.0.0-1.9.3); restrict user access to essential personnel with business justification, disable public internet access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-3248 CRITICAL POC
9.8 Apr 07

Langflow before 1.3.0 allows unauthenticated remote code injection through the /api/v1/validate/code endpoint, enabling

CVE-2025-34291 CRITICAL POC
9.4 Dec 05

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote cod

CVE-2026-27966 CRITICAL POC
9.8 Feb 26

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary

CVE-2026-0770 CRITICAL POC
9.8 Jan 23

Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%) allowing inclusion of untrusted code that executes

CVE-2024-48061 CRITICAL POC
9.8 Nov 04

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the

CVE-2024-42835 CRITICAL POC
9.8 Oct 31

langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.

CVE-2024-37014 CRITICAL POC
9.8 Jun 10

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_compo

CVE-2026-21445 CRITICAL POC
9.1 Jan 02

Langflow before 1.7.0.dev45 exposes multiple API endpoints without authentication, allowing unauthenticated access to us

CVE-2024-7297 HIGH POC
8.8 Jul 30

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged

CVE-2026-0768 CRITICAL
9.8 Jan 23

Langflow has a code injection vulnerability in the code component (EPSS 2.6%) enabling remote code execution through the

CVE-2026-0769 CRITICAL
9.8 Jan 23

Langflow has an eval injection in eval_custom_component_code (EPSS 2.0%) enabling remote code execution through crafted

CVE-2026-10134 CRITICAL
10.0 Jun 30

Remote code execution in IBM Langflow OSS 1.0.0 through 1.9.3 lets an unauthenticated attacker inject and run arbitrary

Share

EUVD-2026-40402 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy