Langflow Langflow Desktop — known CVE vulnerabilities
Every CVE whose affected-product data names Langflow Langflow Desktop, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-6543 — CVSS 8.8 (high): IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process…
CVE-2026-4503 — CVSS 7.5 (high): IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object…
CVE-2026-3345 — CVSS 6.5 (medium): IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2026-3340 — CVSS 6.5 (medium): IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated…
CVE-2026-4502 — CVSS 6.5 (medium): IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker…
CVE-2026-3346 — CVSS 6.4 (medium): IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated…
CVE-2026-3341 — CVSS 5.4 (medium): IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated…