Server-Side Request Forgery Vulnerability in IBM Langflow Desktop
CVE-2026-3340

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Langflow Desktop
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-3340?

IBM Langflow Desktop versions 1.0.0 to 1.8.4 contain a server-side request forgery (SSRF) vulnerability. This issue may allow an authenticated attacker to send unauthorized requests from the system, thereby enabling potential network enumeration and facilitating various forms of attacks. It is crucial for users and administrators to review and apply necessary security patches to mitigate this vulnerability.

Affected Version(s)

Langflow Desktop 1.0.0 <= 1.8.4

References

https://www.ibm.com/support/pages/node/7271096

vendor-advisorypatch

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Feb 27, 2026

CVE-2026-3340 Data

JSON