Hard-Coded Credentials Found in IBM Langflow OSS Across Multiple Versions
CVE-2026-13446

9.8CRITICAL

Key Information:

Vendor

IBM

Vendor
CVE Published:
17 July 2026

What is CVE-2026-13446?

The IBM Langflow OSS software from version 1.0.0 to 1.10.1 is susceptible to vulnerabilities due to hard-coded credentials, which could be exploited for unauthorized access. These credentials are utilized for critical functions such as inbound authentication, outbound communications with external systems, and the encryption of sensitive internal data. This issue could significantly compromise the security posture of systems using this software.

Affected Version(s)

Langflow OSS 1.0.0 <= 1.10.1

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.