Ibm Langflow Desktop
7 CVEs affecting Ibm Langflow Desktop. Latest disclosed: 2026-04-30. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6543 | High | 8.8 | 2026-04-30 | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This al… |
CVE-2026-3357 | High | 8.8 | 2026-04-08 | IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default sett… |
CVE-2026-4503 | High | 7.5 | 2026-04-30 | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a… |
CVE-2026-3345 | Medium | 6.5 | 2026-04-30 | IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL reque… |
CVE-2026-4502 | Medium | 6.5 | 2026-04-30 | IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a special… |
CVE-2026-3340 | Medium | 6.5 | 2026-04-30 | IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send una… |
CVE-2026-3346 | Medium | 6.4 | 2026-04-30 | IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitra… |