{"data":{"id":"1b9b297a-796d-4142-b2f8-c5c33d26cd7b","title":"CVE-2026-6600: A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src","summary":"A security flaw called CVE-2026-6600 was found in Langflow (an AI tool) up to version 1.8.3 that allows cross-site scripting (XSS, where attackers inject malicious code into web pages to trick users). The vulnerability is in a React component (a reusable piece of code in the user interface) that handles message editing, and it can be exploited remotely by someone with login access.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-6600","publishedAt":"2026-04-20T04:16:54.603Z","cveId":"CVE-2026-6600","cweIds":["CWE-79","CWE-94"],"cvssScore":"3.5","cvssSeverity":"low","severity":"low","attackType":["jailbreak"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["langflow-ai","langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-20T04:16:54.603Z","capecIds":["CAPEC-198","CAPEC-242","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0054"]}}