{"data":{"id":"6346f206-473e-4c67-8a75-1fd8254bdb89","title":"CVE-2026-6598: A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function cre","summary":"A vulnerability (CVE-2026-6598) was found in langflow-ai langflow versions up to 1.8.3 where the create_project/encrypt_auth_settings function improperly stores sensitive authentication settings in cleartext (unencrypted plain text) on disk instead of protecting them. An attacker can exploit this remotely, and the vulnerability details have been publicly disclosed.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-6598","publishedAt":"2026-04-20T04:16:52.857Z","cveId":"CVE-2026-6598","cweIds":["CWE-312","CWE-313"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["langflow-ai/langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-20T04:16:52.857Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}