CVE-2026-10140

IBM · Langflow OSS

IBM Langflow OSS contains a flaw in shared-state handling that allows cross-tenant API client reuse. Authenticated attackers can manipulate cache state to misattribute billing and credentials.

Executive summary

A critical vulnerability in IBM Langflow OSS allows authenticated attackers to perform cross-tenant API client hijacking, leading to unauthorized billing and data access.

Vulnerability

This vulnerability involves improper shared-state handling in the voice mode component. It allows an authenticated attacker to manipulate cache states, causing requests from other users to be processed with incorrect API credentials.
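As an added illustration (not Langflow's code; the names `ApiClient`, `get_client_vulnerable` and `get_client_scoped` are hypothetical), the pattern below reduces the flaw described above to its core: a client cache keyed by provider alone hands every later tenant the first caller's credential, while scoping the cache key to the tenant and a digest of its credential, plus a check that the returned client still carries the caller's key, removes the cross-tenant reuse.

```python
# Added illustration, not Langflow's code: a process-wide client cache keyed
# only by provider reuses the first caller's credential for every later caller,
# which is the cross-tenant misattribution pattern the advisory describes.
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class ApiClient:
    """Stand-in for an upstream API client bound to one credential."""
    api_key: str

    def owner_fingerprint(self) -> str:
        # Log a digest, never the raw key, so per-request attribution can be audited.
        return hashlib.sha256(self.api_key.encode()).hexdigest()[:12]


# Vulnerable pattern: shared state keyed by provider only.
_shared_cache: dict[str, ApiClient] = {}

def get_client_vulnerable(provider: str, user_id: str, api_key: str) -> ApiClient:
    # user_id is not part of the key, so whoever populates the cache first
    # decides which credential every other tenant's request is sent with.
    if provider not in _shared_cache:
        _shared_cache[provider] = ApiClient(api_key)
    return _shared_cache[provider]


# Hardened pattern: cache scoped to the tenant and its credential digest.
_scoped_cache: dict[tuple[str, str, str], ApiClient] = {}

def get_client_scoped(provider: str, user_id: str, api_key: str) -> ApiClient:
    key_digest = hashlib.sha256(api_key.encode()).hexdigest()
    cache_key = (provider, user_id, key_digest)
    client = _scoped_cache.get(cache_key)
    if client is None:
        client = ApiClient(api_key)
        _scoped_cache[cache_key] = client
    # Defensive check: a cached client must still carry the caller's credential.
    if client.api_key != api_key:
        raise RuntimeError("cache returned a client bound to another tenant's credential")
    return client


def misattributed(provider: str, user_id: str, api_key: str, lookup) -> bool:
    """True when lookup gives user_id a client bound to a credential it does not own."""
    return lookup(provider, user_id, api_key).api_key != api_key
```

Logging `owner_fingerprint()` alongside the requesting user on each upstream call is one way to surface the anomalous cross-tenant patterns the remediation section asks operators to look for.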

Business impact

Exploiting this flaw has severe cross-tenant data and financial consequences. With a CVSS score of 9.6, this vulnerability poses a high risk of unauthorized access to upstream services, potential financial loss due to billing misattribution, and significant compliance and reputational damage.

Remediation

Immediate Action: Upgrade IBM Langflow OSS to the latest patched version provided by the vendor without delay.

Proactive Monitoring: Review application logs for anomalous cross-tenant request patterns and unexpected changes in API client behavior.

Compensating Controls: Implement strict network segmentation and egress filtering to limit the impact if an API client is hijacked.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

Given the critical severity of this vulnerability, immediate patching is required to prevent cross-tenant data leakage and financial misattribution. Organizations should prioritize updating their Langflow OSS instances and auditing existing API configurations for signs of tampering.