File Manipulation Vulnerability in IBM Langflow by IBM
CVE-2026-13445
8.1HIGH
What is CVE-2026-13445?
An authenticated attacker can exploit a vulnerability in IBM Langflow (versions 1.0.0 to 1.10.1) by manipulating the SaveToFile component. This exploitation enables the attacker to read and modify files uploaded by other users. By specifying absolute paths, the attacker can either append arbitrary data to victim files, thus breaching confidentiality, or overwrite these files, resulting in data integrity issues. This vulnerability undermines user storage security by breaking the ownership boundaries set by the application.
Affected Version(s)
Langflow OSS 1.0.0 <= 1.10.1