PT-2026-60863 · Ibm · Langflow Oss
CVE-2026-8056
·
Published
2026-07-17
·
Updated
2026-07-18
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Langflow OSS versions 1.0.0 through 1.10.0
Description
Authenticated users can override component parameters at runtime via the API. This is caused by a flaw in the parameter filtering mechanism within the
apply tweaks() function.Recommendations
As a temporary workaround, restrict access to the
apply tweaks() function to minimize the risk of exploitation.Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Langflow Oss