CVE-2026-9103

IBM · Langflow OSS

IBM Langflow OSS contains an authentication bypass vulnerability in the auto_login endpoint, allowing unauthenticated attackers to gain full administrative access via long-lived bearer tokens.

Executive summary

A critical authentication bypass vulnerability in IBM Langflow OSS allows unauthenticated remote attackers to gain full administrative control over the application.

Vulnerability

This is a missing authentication flaw (CWE-306) within the /api/v1/login/auto_login endpoint. The application enables a default configuration that issues superuser tokens without requiring valid credentials, compounded by overly permissive CORS settings that may expose these tokens.

Business impact

Successful exploitation grants an attacker full administrative privileges, leading to complete system compromise, unauthorized data exfiltration, and potential manipulation of internal AI workflows. With a CVSS score of 9.8, this flaw represents a severe risk that could result in total loss of confidentiality, integrity, and availability of the affected environment.

Remediation

Immediate Action: Upgrade IBM Langflow OSS to version 1.10.1 immediately to resolve the authentication flaw.

Proactive Monitoring: Review access logs for unauthorized administrative activity or suspicious requests directed at the /api/v1/login/auto_login endpoint.

Compensating Controls: If an immediate upgrade is not feasible, restrict network access to the management interface via IP whitelisting and enforce strict CORS policies at the web server level.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical severity of this vulnerability and the potential for full administrative takeover, organizations must prioritize patching to version 1.10.1. Immediate action is required to mitigate the risk of unauthorized access and maintain the integrity of your Langflow deployment.