{"data":{"id":"b75c0487-36a3-420c-9310-e0bf74aafbca","title":"CVE-2026-10129: IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in th","summary":"IBM Langflow OSS versions 1.0.0 through 1.9.3 have a vulnerability where attackers can bypass SSRF protection (a security feature that prevents the server from making requests to internal systems). An authenticated user with basic permissions can enable a follow_redirects setting and use a public URL that redirects to internal addresses, allowing them to access sensitive internal services and data that should be blocked.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10129","publishedAt":"2026-06-30T20:17:26.747Z","cveId":"CVE-2026-10129","cweIds":["CWE-918"],"cvssScore":"8.5","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["IBM Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-30T20:17:26.747Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}