CVE-2026-3346

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.6.0 through 1.8.4

Description Stored cross-site scripting occurs when an authenticated user embeds arbitrary JavaScript code in the Web UI. This can alter the intended functionality and potentially lead to the disclosure of credentials within a trusted session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.