CVE-2026-10140
IBM · Langflow OSS
IBM Langflow OSS contains a flaw in shared-state handling allowing cross-tenant API client reuse. Authenticated attackers can manipulate cache state to misattribute billing and credentials.
Executive summary
A critical vulnerability in IBM Langflow OSS allows authenticated attackers to perform cross-tenant API client hijacking, leading to unauthorized billing and data access.
Vulnerability
This vulnerability involves improper shared-state handling in the voice mode component. It allows an authenticated attacker to manipulate cache states, causing requests from other users to be processed with incorrect API credentials.
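The bug class the advisory describes, a process-wide cache of upstream API clients that is keyed without regard to the requesting tenant, is easy to reproduce in miniature. The following is added example code written for this page; it is not Langflow's implementation, and the client class, function names and tenant keys are hypothetical stand-ins. The vulnerable cache is shown beside a hardened one keyed by tenant and credential fingerprint.

```python
"""Shared-state API client cache: vulnerable pattern beside a hardened one.
Added illustration of the bug class in this advisory, not Langflow's code;
all names and keys here are hypothetical."""
from dataclasses import dataclass
import hashlib
import threading


@dataclass(frozen=True)
class UpstreamClient:
    """Stand-in for an SDK client bound to one API key (constructed)."""
    provider: str
    api_key: str

    def call(self, prompt: str) -> dict:
        # Whatever key this client carries is the account that gets billed.
        return {"billed_key": self.api_key, "prompt": prompt}


_lock = threading.Lock()

# --- Vulnerable pattern --------------------------------------------------
# Keyed only by provider: the first tenant's credential is captured in the
# cached client and silently reused for every later tenant.
_shared_clients: dict = {}


def get_client_vulnerable(provider: str, api_key: str) -> UpstreamClient:
    with _lock:
        client = _shared_clients.get(provider)
        if client is None:
            client = UpstreamClient(provider, api_key)
            _shared_clients[provider] = client
        return client


# --- Hardened pattern ----------------------------------------------------
# Keyed by (tenant, provider, credential fingerprint): a cached client can
# only serve the tenant whose credential created it, and a rotated key
# yields a fresh client instead of a stale one.
_scoped_clients: dict = {}


def _key_fingerprint(api_key: str) -> str:
    # Never put raw secrets in cache keys; a digest is enough to detect rotation.
    return hashlib.sha256(api_key.encode()).hexdigest()[:16]


def get_client_scoped(tenant_id: str, provider: str, api_key: str) -> UpstreamClient:
    cache_key = (tenant_id, provider, _key_fingerprint(api_key))
    with _lock:
        client = _scoped_clients.get(cache_key)
        if client is None:
            client = UpstreamClient(provider, api_key)
            _scoped_clients[cache_key] = client
        return client


def demo_vulnerable() -> dict:
    """Two tenants with their own keys call the same provider back to back.
    Returns which key was billed for each tenant (constructed scenario)."""
    _shared_clients.clear()
    a = get_client_vulnerable("llm", "key-A").call("hello from A")
    b = get_client_vulnerable("llm", "key-B").call("hello from B")
    return {"tenant-a": a["billed_key"], "tenant-b": b["billed_key"]}


def demo_hardened() -> dict:
    """Same scenario with the tenant-scoped cache: each tenant is billed on
    its own key."""
    _scoped_clients.clear()
    a = get_client_scoped("tenant-a", "llm", "key-A").call("hello from A")
    b = get_client_scoped("tenant-b", "llm", "key-B").call("hello from B")
    return {"tenant-a": a["billed_key"], "tenant-b": b["billed_key"]}


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("hardened:  ", demo_hardened())
```

In the vulnerable run tenant B's request goes out on tenant A's key, which is exactly the billing and credential misattribution the advisory warns about; the fix is not to avoid caching but to make the tenant (and the credential itself) part of the cache identity.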
Business impact
The exploitation of this flaw results in severe cross-tenant data and financial impact. With a CVSS score of 9.6, this vulnerability poses a high risk of unauthorized access to upstream services, potential financial loss due to billing misattribution, and significant compliance and reputational damage.
Remediation
Immediate Action: Upgrade IBM Langflow OSS to the latest patched version provided by the vendor.
Proactive Monitoring: Review application logs for anomalous cross-tenant request patterns and unexpected changes in API client behavior.
Compensating Controls: Implement strict network segmentation and egress filtering to limit the impact if an API client is hijacked.
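The log review recommended above can be turned into a small repeatable sweep. The following is an added example, not Langflow tooling: the JSON log format, field names and fingerprints are constructed for the illustration, so map `tenant`, `provider` and `cred_fp` onto whatever your own request logs actually record. It flags two signals of cross-tenant client reuse: calls made with a credential the tenant never configured, and credentials seen under more than one tenant.

```python
"""Sweep request logs for cross-tenant credential reuse.
Added example for this advisory; the log format is constructed."""
import json
from collections import defaultdict

# Constructed sample: one JSON object per upstream call. `cred_fp` is a
# short fingerprint of the API key the call was actually made with.
SAMPLE_LOG = """
{"ts":"2026-01-10T10:00:01Z","tenant":"tenant-a","provider":"llm","cred_fp":"fp-a1"}
{"ts":"2026-01-10T10:00:02Z","tenant":"tenant-b","provider":"llm","cred_fp":"fp-b1"}
{"ts":"2026-01-10T10:00:05Z","tenant":"tenant-b","provider":"llm","cred_fp":"fp-a1"}
not-json-garbage-line
{"ts":"2026-01-10T10:00:07Z","tenant":"tenant-c","provider":"stt","cred_fp":"fp-a1"}
{"ts":"2026-01-10T10:00:09Z","tenant":"tenant-a","provider":"llm","cred_fp":"fp-a1"}
""".strip().splitlines()

# Which credential fingerprints each tenant legitimately configured
# (constructed allow-list; in practice derived from tenant settings).
EXPECTED = {"tenant-a": {"fp-a1"}, "tenant-b": {"fp-b1"}, "tenant-c": {"fp-c1"}}


def parse(lines):
    """Yield parsed events, skipping blank or malformed lines so one bad
    record does not abort the sweep."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if all(k in ev for k in ("ts", "tenant", "provider", "cred_fp")):
            yield ev


def misattributed_calls(lines, expected):
    """Calls made with a credential the requesting tenant never configured.
    Each hit is a candidate billing or credential misattribution."""
    hits = []
    for ev in parse(lines):
        allowed = expected.get(ev["tenant"], set())
        if ev["cred_fp"] not in allowed:
            hits.append((ev["ts"], ev["tenant"], ev["provider"], ev["cred_fp"]))
    return hits


def shared_credentials(lines):
    """Credential fingerprints observed under more than one tenant. Useful
    when no reliable per-tenant allow-list exists."""
    tenants_by_fp = defaultdict(set)
    for ev in parse(lines):
        tenants_by_fp[ev["cred_fp"]].add(ev["tenant"])
    return {fp: sorted(t) for fp, t in tenants_by_fp.items() if len(t) > 1}


if __name__ == "__main__":
    for hit in misattributed_calls(SAMPLE_LOG, EXPECTED):
        print("misattributed:", hit)
    for fp, tenants in shared_credentials(SAMPLE_LOG).items():
        print("credential shared across tenants:", fp, tenants)
```

The allow-list check is the sharper of the two signals; the cross-tenant sharing check needs no configuration data and still surfaces a single credential fanning out across tenants, which is the footprint a hijacked cached client leaves behind.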
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
Given the critical severity of this vulnerability, immediate patching is required to prevent cross-tenant data leakage and financial misattribution. Organizations should prioritize updating their Langflow OSS instances and auditing existing API configurations for signs of tampering.