{"data":{"id":"6d98727c-6334-4080-999d-a9a83d73c54d","title":"CVE-2026-6542: IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build ","summary":"IBM Langflow OSS (open-source software) versions 1.0.0 through 1.8.4 has a vulnerability where any user can view and delete other users' data by supplying a flow_id (a reference number for a workflow). This happens because the system doesn't properly check who should be allowed to access certain information, allowing unauthorized access to transaction logs and build data.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-6542","publishedAt":"2026-04-30T22:16:26.340Z","cveId":"CVE-2026-6542","cweIds":["CWE-639"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-30T22:16:26.340Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}