CVE-2026-6600: A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src
Summary
A security flaw called CVE-2026-6600 was found in Langflow (an AI tool) up to version 1.8.3 that allows cross-site scripting (XSS, where attackers inject malicious code into web pages to trick users). The vulnerability is in a React component (a reusable piece of code in the user interface) that handles message editing, and it can be exploited remotely by someone with login access.
Vulnerability Details
3.5(low)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
network
low
low
required
April 20, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-6600
First tracked: April 20, 2026 at 08:18 AM
Classified by LLM (prompt v3) · confidence: 85%