Medium nvd · CVE-2026-6542

CVE-2026-6542: IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build

Published Apr 30, 2026 CVSS 6.5

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.

Affected AI Products

langflow

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.