Medium severity6.5NVD Advisory· Published Apr 30, 2026· Updated May 4, 2026

CVE-2026-6542

Description

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.

Affected products

Langflow/Langflow
cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
Range: >=1.0.0,<1.9.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7270886nvdThird Party Advisory

News mentions

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
The Hacker News · May 14, 2026
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
The Hacker News · May 11, 2026
Metasploit Wrap-Up 04/25/2026
Rapid7 Blog · Apr 24, 2026
23rd March – Threat Intelligence Report
Check Point Research · Mar 23, 2026

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000