{"data":{"id":"a65b58e9-2552-4b46-bd32-bdf70aa39eff","title":"CVE-2026-4503: IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to","summary":"IBM Langflow Desktop versions 1.0.0 through 1.8.4 have a security flaw where an unauthenticated user (someone without a login) can view other users' images by manipulating a user-controlled key (a piece of data that identifies which resource to access). This happens because the application doesn't properly check permissions when accessing images, which is a type of vulnerability called authorization bypass through user-controlled key (CWE-639).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-4503","publishedAt":"2026-04-30T21:16:33.667Z","cveId":"CVE-2026-4503","cweIds":["CWE-639"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-30T21:16:33.667Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}