{"data":{"id":"674d5bd9-3fe6-4f48-95c1-5eb76db8600a","title":"CVE-2026-3346: IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows","summary":"IBM Langflow Desktop versions 1.6.0 through 1.8.4 has a stored cross-site scripting vulnerability (XSS, a flaw where an attacker can inject malicious code that gets saved and executed in a web interface). An authenticated user can embed JavaScript code in the Web UI, which could alter how the application works and potentially expose user credentials to attackers who access the same session.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-3346","publishedAt":"2026-04-30T21:16:32.610Z","cveId":"CVE-2026-3346","cweIds":["CWE-89"],"cvssScore":"6.4","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-30T21:16:32.610Z","capecIds":["CAPEC-66"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}