PT-2026-60862 · Ibm · Langflow Oss

CVE-2026-7872

·

Published

2026-07-17

·

Updated

2026-07-18

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0
Description An authenticated attacker can read arbitrary files, including the JWT signing key. This allows the attacker to forge authentication tokens for any user. JWT (JSON Web Token) is a compact, URL-safe means of representing claims to be transferred between two parties.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-7872

Affected Products

Langflow Oss