IBM Langflow OSS 1.0.0-1.9.0 DoS via Uncontrolled Resource Consumption
CVE-2026-7528 Published on May 27, 2026

Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS
IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-7528 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2026-7528 has been classified to as a Resource Exhaustion vulnerability or weakness.


Products Associated with CVE-2026-7528

Want to know whenever a new CVE is published for IBM Langflow Oss? stack.watch will email you.

IBM Langflow Oss
 

Affected Versions

IBM Langflow OSS: