{"data":{"id":"2e018c7f-91fc-4fad-85d0-a14ef8759a16","title":"CVE-2026-6596: A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_f","summary":"A security vulnerability (CVE-2026-6596) was found in Langflow (an AI tool) version 1.1.0 and earlier, affecting a file upload function in the API. The flaw allows unrestricted file uploads (meaning attackers can upload any type of file without proper checks), and it can be exploited remotely without requiring authentication or user interaction.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-6596","publishedAt":"2026-04-20T03:16:16.967Z","cveId":"CVE-2026-6596","cweIds":["CWE-284","CWE-434"],"cvssScore":"7.3","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow","langflow-ai"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-20T03:16:16.967Z","capecIds":["CAPEC-1"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}