Medium nvd · CVE-2026-4502

CVE-2026-4502: IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the s

Published Apr 30, 2026 CVSS 6.5

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

Affected AI Products

langflow

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.