CVE-2026-13445

IBM · Langflow OSS

IBM Langflow OSS versions 1.0.0 through 1.10.1 are affected by an authorization bypass vulnerability allowing authenticated users to access resources via user-controlled keys.

Executive summary

An authorization bypass vulnerability in IBM Langflow OSS enables authenticated users to gain unauthorized access to data or functions, threatening system confidentiality and integrity.

Vulnerability

This vulnerability (CWE-639) involves an authorization bypass through a user-controlled key. It allows an authenticated user to perform actions or access data outside of their intended privilege scope.

Business impact

The CVSS score of 8.1 indicates a high severity risk. Successful exploitation could allow attackers to access sensitive information or modify data they are not authorized to interact with, leading to significant internal data exposure and potential administrative compromise.

Remediation

Immediate Action: Upgrade IBM Langflow OSS to version 1.10.2 or later to address the authorization logic flaw.

Proactive Monitoring: Review access logs for abnormal patterns of resource requests or attempts to access IDs not associated with the active user session.

Compensating Controls: Enforce strict role-based access control (RBAC) at the network or proxy level to restrict access to sensitive Langflow endpoints.

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability highlights a critical failure in authorization controls. Organizations utilizing IBM Langflow OSS should prioritize the transition to version 1.10.2 to ensure proper access restrictions are enforced and to mitigate the risk of unauthorized data access.