IBM Langflow Oss


By the Year

In 2026 there have been 6 vulnerabilities in IBM Langflow Oss with an average score of 8.5 out of ten.

Year | Vulnerabilities | Average Score
2026 | 6 | 8.45

It may take a day or so for new Langflow Oss vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Langflow Oss Security Vulnerabilities

IBM Langflow OSS <1.8.4: Unauth MCP Access via Streamable Transport
CVE-2026-7664 9.8 - Critical - June 22, 2026

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

Authentication

IBM Langflow 1.0-1.9.3 Auth Bypass & Improper Python Exec Isolation
CVE-2026-10561 10 - Critical - June 22, 2026

IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise.

Code Injection

Auth Bypass via IDOR in IBM Langflow OSS 1.0.0-1.9.1
CVE-2026-7787 7.5 - High - June 11, 2026

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

Insecure Direct Object Reference / IDOR

IBM Langflow OSS 1.0.0-1.9.0 DoS via Uncontrolled Resource Consumption
CVE-2026-7528 7.1 - High - May 27, 2026

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.

Resource Exhaustion

IBM Langflow OSS 1.9.1 RCE via Symlink during Archive Extraction
CVE-2026-7524 9.8 - Critical - May 27, 2026

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

Directory traversal

CVE-2026-6542: IBM Langflow OSS 1.0.0-1.8.4 flow_id Info Disclosure and Deletion
CVE-2026-6542 6.5 - Medium - April 30, 2026

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.

Insecure Direct Object Reference / IDOR
