VYPR

Langflow OSS

by IBM

Source repositories

CVEs (5)

  • CVE-2026-7524CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.01

    IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

  • CVE-2026-7787HigJun 11, 2026
    risk 0.42cvss 7.5epss 0.00

    IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

  • CVE-2026-7528HigMay 27, 2026
    risk 0.39cvss 7.1epss 0.00

    IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.

  • CVE-2026-7664Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

  • CVE-2026-10561Jun 22, 2026
    risk 0.00cvss epss 0.01

    IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise