{"data":{"id":"4dabfc8a-7b83-4fc5-9596-4b043992704b","title":"CVE-2026-6599: A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/ins","summary":"A vulnerability exists in Langflow (an AI application framework) versions up to 1.8.3 in the Model Context Protocol Configuration API, where an attacker can manipulate the X-Forwarded-For header (a request header, settable by the client, that is meant to convey the originating client's IP address) to perform an injection attack (crafted input that is passed on without neutralization and interpreted by a downstream component). The vulnerability can be exploited remotely, exploit code is publicly available, and the vendor has not responded to disclosure attempts.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-6599","publishedAt":"2026-04-20T04:16:53.060Z","cveId":"CVE-2026-6599","cweIds":["CWE-74","CWE-707"],"cvssScore":"6.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["langflow-ai","langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-20T04:16:53.060Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}