{"data":{"id":"4a48aa2c-9eb4-400c-a11b-91ed3f4a6998","title":"CVE-2026-7874: IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak","summary":"IBM Langflow OSS versions 1.0.0 through 1.10.0 have a security flaw where stored credentials can be exposed because the software uses weak encryption at rest (encryption that protects data when it's not being actively used). The problem stems from using a poor key derivation mechanism, which is the process that converts a password into the actual encryption key.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7874","publishedAt":"2026-06-30T20:17:31.900Z","cveId":"CVE-2026-7874","cweIds":["CWE-338"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T20:17:31.900Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}