{"data":{"id":"3094c833-8c80-4279-b06c-3cb3e8c6d1d3","title":"CVE-2026-10134: IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and","summary":"IBM Langflow OSS (open-source software) versions 1.0.0 through 1.9.3 has a critical vulnerability that lets attackers read sensitive secrets (like passwords or API keys), modify flows (the workflows that connect AI components together), access the database, connect to internal systems, and create persistent backdoors by injecting malicious code into public flows.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10134","publishedAt":"2026-06-30T20:17:26.883Z","cveId":"CVE-2026-10134","cweIds":["CWE-94"],"cvssScore":"10","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T20:17:26.883Z","capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}