CVE-2026-7754

IBM · Langflow OSS

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability that may allow an authenticated user to gain unauthorized access to sensitive information.

Executive summary

An authenticated vulnerability in IBM Langflow OSS versions 1.0.0 through 1.10.0 poses a high risk of unauthorized information disclosure.

Vulnerability

This vulnerability involves an improper access control flaw that allows an authenticated user with low privileges to access data outside their intended scope. The attack vector is network based and requires the attacker to have an established user session.

Business impact

Successful exploitation allows an authenticated attacker to access sensitive information, which could lead to significant data breaches and a compromise of organizational confidentiality. With a CVSS score of 7.7, this flaw is categorized as high severity and requires immediate attention to prevent unauthorized data exposure.

Remediation

Immediate Action: Upgrade to IBM Langflow OSS version 1.10.1 or later as specified in the official vendor guidance.

Proactive Monitoring: Review application access logs for unusual patterns of data retrieval or requests originating from low-privileged user accounts.

Compensating Controls: Ensure that strict network segmentation and identity access management policies are enforced to limit the potential impact of an authenticated account compromise.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Given the severity of this vulnerability, administrators should prioritize the update to version 1.10.1. Applying the vendor-provided patch is the only definitive way to mitigate the risk of unauthorized data access.