{"data":{"id":"64a228a0-d78e-403e-a8c7-ac108b368fcc","title":"CVE-2026-3340: IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allo","summary":"IBM Langflow Desktop versions 1.0.0 through 1.8.4 have a vulnerability called SSRF (server-side request forgery, where an attacker tricks the server into making requests it shouldn't). An authenticated attacker (someone with login access) could exploit this to send unauthorized requests from the system, potentially discovering network information or launching additional attacks.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-3340","publishedAt":"2026-04-30T21:16:32.463Z","cveId":"CVE-2026-3340","cweIds":["CWE-918"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-30T21:16:32.463Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}