{"data":{"id":"224f0b47-1ddf-45de-8cf0-a768397bb857","title":"CVE-2026-10546: IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( ","summary":"IBM Langflow OSS versions 1.0.0 through 1.9.3 contain a Server-Side Request Forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making requests to unintended locations) in the URL component. The vulnerability is caused by a TOCTOU race condition (a timing bug where a system checks something at one moment but uses it at another, allowing attackers to change it in between), which attackers can exploit through DNS rebinding (a technique where an attacker changes what a domain name points to after the server checks it).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10546","publishedAt":"2026-06-30T20:17:27.140Z","cveId":"CVE-2026-10546","cweIds":["CWE-918"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow OSS"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T20:17:27.140Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}