Directory Traversal Vulnerability in IBM Langflow Desktop
CVE-2026-3345

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Langflow Desktop
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-3345?

IBM Langflow Desktop versions up to 1.8.4 are susceptible to a directory traversal vulnerability that allows remote attackers to exploit the system. By sending a specially crafted URL with 'dot dot' sequences (/../), an attacker could access files outside the intended directory structure, potentially leading to unauthorized data exposure. Users are encouraged to apply security patches provided by IBM to mitigate this risk.

Affected Version(s)

Langflow Desktop 1.8.4

References

https://www.ibm.com/support/pages/node/7271094

vendor-advisorypatch

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Feb 27, 2026

CVE-2026-3345 Data

JSON