PT-2026-36200 · Ibm · Langflow Oss
Published
2026-04-30
·
Updated
2026-04-30
·
CVE-2026-6542
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Langflow Oss