{"data":{"id":"85768b41-e61d-45c1-8860-2e5466e98c4b","title":"CVE-2026-10140: IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API client","summary":"IBM Langflow OSS versions 1.0.0 through 1.10.0 have a vulnerability in voice mode where API client credentials are improperly shared across different tenants (separate user accounts or organizations). An authenticated attacker can manipulate cached data to make requests from other users run under wrong API credentials, leading to incorrect billing charges and misattribution of actions to the wrong user.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10140","publishedAt":"2026-06-30T20:17:27.007Z","cveId":"CVE-2026-10140","cweIds":["CWE-639"],"cvssScore":"9.6","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow OSS"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T20:17:27.007Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}