Data Exposure and Modification Vulnerability in IBM Langflow Software
CVE-2026-10134

10 CRITICAL

Key Information:

Vendor: IBM

CVE Published: 30 June 2026

What is CVE-2026-10134?

The vulnerability in IBM Langflow allows an attacker to read and manipulate all secrets within the Langflow process. This includes access to every flow, conversation, and saved component in the database. Attackers can exploit this flaw to connect to internal services and abuse cloud metadata endpoints. Furthermore, they can move laterally between tenants within the same instance and establish persistence by altering the tool code of public flows, leading to unauthorized code execution on subsequent requests.

Affected Version(s)

Langflow OSS 1.0.0 <= 1.9.3

References

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
