| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Langflow OSS | 1.0.0≤ 1.10.0 | affected |
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | Langflow OSS | 1.0.0 ~ 1.10.0 | cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-9135 | 9.9 CRITICAL | Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation |
| CVE-2026-8859 | 9.9 CRITICAL | Path Traversal in APIRequest Component via Content-Disposition Header |
| CVE-2026-8635 | 9.9 CRITICAL | Arbitrary Code Execution in Python Interpreter Component |
| CVE-2026-8481 | 9.9 CRITICAL | Remote Code Execution via Code Validation Endpoint |
| CVE-2026-8476 | 9.9 CRITICAL | Disk Cache Deserialization Remote Code Execution Vulnerability |
| CVE-2026-13446 | 9.8 CRITICAL | Langflow is affected by remote code execution, denial of service, path traversal, and expo |
| CVE-2026-9198 | 9.8 CRITICAL | Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation |
| CVE-2026-9103 | 9.8 CRITICAL | Unauthenticated Superuser Token Issuance via Auto-Login Endpoint |
| CVE-2026-8505 | 9.8 CRITICAL | Authentication Bypass in Webhook Endpoints Allowed Unauthorized Flow Execution |
| CVE-2026-15091 | 9.3 CRITICAL | Multiple Vulnerabilities in IBM Engineering AI hub. |
| CVE-2026-7667 | 8.8 HIGH | Path Traversal Vulnerability in API Request Component Content-Disposition Header Processin |
| CVE-2026-8056 | 8.8 HIGH | Parameter Injection Vulnerability in API Graph Execution Engine |
| CVE-2026-7755 | 8.8 HIGH | MCP Server Configuration Validator Bypass via File Upload API |
| CVE-2026-14499 | 8.8 HIGH | Langflow is affected by remote code execution, denial of service, path traversal, and expo |
| CVE-2026-13445 | 8.1 HIGH | Langflow is affected by remote code execution, denial of service, path traversal, and expo |
| CVE-2026-13448 | 8.1 HIGH | Langflow is affected by remote code execution, denial of service, path traversal, and expo |
| CVE-2026-13473 | 8.1 HIGH | IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow |
| CVE-2026-9762 | 7.8 HIGH | IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc |
| CVE-2026-7754 | 7.7 HIGH | SSRF Protection Configuration Vulnerability |
| CVE-2026-9171 | 7.5 HIGH | Vulnerabilities in IBM WebSphere Application affects IBM PowerVM Novalink. |
Showing top 20 of 34 CVEs. View all on vendor page → →
No comments yet