CVE-2026-7528: IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
Summary
IBM Langflow OSS (open-source software) versions 1.0.0 through 1.9.0 have a vulnerability that allows a denial-of-service attack, in which an attacker overwhelms a system with requests to make it unavailable. The problem is caused by uncontrolled resource consumption (the system fails to limit how much memory, CPU, or other resources a single request can use).
Vulnerability Details
CVSS score: 7.1 (high)
EPSS: 0.0%
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Attack vector: network
Attack complexity: low
Privileges required: low
User interaction: none
May 27, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7528
First tracked: May 27, 2026 at 02:08 PM
Classified by LLM (prompt v3) · confidence: 92%