IBM Langflow Desktop


By the Year

In 2026 there have been 7 vulnerabilities in IBM Langflow Desktop with an average score of 7.3 out of ten.

Year | Vulnerabilities | Average Score
2026 | 7 | 7.29

It may take a day or so for new Langflow Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Langflow Desktop Security Vulnerabilities

IBM Langflow Desktop 1.0.0-1.8.4 CMD Exec Vulnerability
CVE-2026-6543 8.8 - High - April 30, 2026

IBM Langflow Desktop 1.0.0 through 1.8.4: Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

Code Injection

Directory Traversal in IBM Langflow Desktop <=1.8.4 via crafted URL
CVE-2026-3345 6.5 - Medium - April 30, 2026

IBM Langflow Desktop <=1.8.4: Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Directory traversal

IBM Langflow Desktop 1.6-1.8.4 XSS Web UI
CVE-2026-3346 6.4 - Medium - April 30, 2026

IBM Langflow Desktop 1.6.0 through 1.8.4: Langflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

SQL Injection

IBM Langflow Desktop SSRF 1.0.0-1.8.4
CVE-2026-3340 6.5 - Medium - April 30, 2026

IBM Langflow Desktop 1.0.0 through 1.8.4: IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

SSRF

IBM Langflow Desktop 1.2.0-1.8.4: Authenticated Directory Traversal via URL
CVE-2026-4502 6.5 - Medium - April 30, 2026

IBM Langflow Desktop 1.2.0 through 1.8.4: Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

Directory traversal

Unauth. OOB to View Images in IBM Langflow Desktop 1.0.0-1.8.4
CVE-2026-4503 7.5 - High - April 30, 2026

IBM Langflow Desktop 1.0.0 through 1.8.4: Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.

Insecure Direct Object Reference / IDOR

IBM Langflow Desktop 1.6.0-1.8.2 FAISS Deserialization AoC Exec (Auth)
CVE-2026-3357 8.8 - High - April 08, 2026

IBM Langflow Desktop 1.6.0 through 1.8.2: Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

Marshaling, Unmarshaling
