File Manipulation Vulnerability in IBM Langflow by IBM
CVE-2026-13445

8.1HIGH

Key Information:

Vendor

IBM

Vendor
CVE Published:
17 July 2026

What is CVE-2026-13445?

An authenticated attacker can exploit a vulnerability in IBM Langflow (versions 1.0.0 to 1.10.1) by manipulating the SaveToFile component. This exploitation enables the attacker to read and modify files uploaded by other users. By specifying absolute paths, the attacker can either append arbitrary data to victim files, thus breaching confidentiality, or overwrite these files, resulting in data integrity issues. This vulnerability undermines user storage security by breaking the ownership boundaries set by the application.

Affected Version(s)

Langflow OSS 1.0.0 <= 1.10.1

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.