{"data":{"id":"af2b8eda-e3de-4b5d-9fb5-46f594cb1267","title":"CVE-2026-10560: IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoi","summary":"IBM Langflow OSS (open-source software) versions 1.0.0 through 1.9.6 have a missing authentication vulnerability in the /api/v1/build_public_tmp/ endpoints, which allows attackers without credentials to read build event data or cancel jobs if they know the job identifier, leading to information disclosure (unauthorized data access) and denial of service (disrupting service availability). This vulnerability is caused by improper authentication (CWE-287, a weakness in verifying user identity).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10560","publishedAt":"2026-06-30T20:17:27.263Z","cveId":"CVE-2026-10560","cweIds":["CWE-287"],"cvssScore":"8.2","cvssSeverity":"high","severity":"high","attackType":["pii_leakage","denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T20:17:27.263Z","capecIds":["CAPEC-114"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}