Server-side Request Forgery Vulnerability in IBM Langflow by IBM
CVE-2026-7754

7.7HIGH

Key Information:

Vendor

IBM

Vendor
CVE Published:
17 July 2026

What is CVE-2026-7754?

An insecure default configuration in IBM Langflow affects versions 1.0.0 through 1.10.0, potentially allowing attackers to exploit server-side request forgery (SSRF) vulnerabilities. The incomplete enforcement of protection mechanisms increases the risk of unauthorized access, making it essential for users to promptly review their configurations and apply the necessary security updates to mitigate this risk.

Affected Version(s)

Langflow OSS 1.0.0 <= 1.10.0

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.