| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| IBM | Langflow OSS | 1.0.0≤ 1.10.0 | affected |
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| IBM | Langflow OSS | 1.0.0 ~ 1.10.0 | cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* |
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
公開POCは見つかりませんでした。
ログインしてAI POCを生成| CVE-2026-9135 | 9.9 CRITICAL | Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation |
| CVE-2026-8859 | 9.9 CRITICAL | Path Traversal in APIRequest Component via Content-Disposition Header |
| CVE-2026-8481 | 9.9 CRITICAL | Remote Code Execution via Code Validation Endpoint |
| CVE-2026-8476 | 9.9 CRITICAL | Disk Cache Deserialization Remote Code Execution Vulnerability |
| CVE-2026-13446 | 9.8 CRITICAL | Langflow is affected by remote code execution, denial of service, path traversal, and expo |
| CVE-2026-9202 | 9.8 CRITICAL | Unauthenticated User Registration Could Lead to Remote Code Execution |
| CVE-2026-9198 | 9.8 CRITICAL | Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation |
| CVE-2026-9103 | 9.8 CRITICAL | Unauthenticated Superuser Token Issuance via Auto-Login Endpoint |
| CVE-2026-8505 | 9.8 CRITICAL | Authentication Bypass in Webhook Endpoints Allowed Unauthorized Flow Execution |
| CVE-2026-15091 | 9.3 CRITICAL | Multiple Vulnerabilities in IBM Engineering AI hub. |
| CVE-2026-7667 | 8.8 HIGH | Path Traversal Vulnerability in API Request Component Content-Disposition Header Processin |
| CVE-2026-8056 | 8.8 HIGH | Parameter Injection Vulnerability in API Graph Execution Engine |
| CVE-2026-7755 | 8.8 HIGH | MCP Server Configuration Validator Bypass via File Upload API |
| CVE-2026-14499 | 8.8 HIGH | Langflow is affected by remote code execution, denial of service, path traversal, and expo |
| CVE-2026-13445 | 8.1 HIGH | Langflow is affected by remote code execution, denial of service, path traversal, and expo |
| CVE-2026-13448 | 8.1 HIGH | Langflow is affected by remote code execution, denial of service, path traversal, and expo |
| CVE-2026-13473 | 8.1 HIGH | IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow |
| CVE-2026-9762 | 7.8 HIGH | IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc |
| CVE-2026-7754 | 7.7 HIGH | SSRF Protection Configuration Vulnerability |
| CVE-2026-7872 | 7.5 HIGH | Path Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authenti |
Showing 20 of 34 CVEs. View all on vendor page →
まだコメントはありません