CVE-2026-10134: IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and
Summary
IBM Langflow OSS (open-source software) versions 1.0.0 through 1.9.3 has a critical vulnerability that lets attackers read sensitive secrets (like passwords or API keys), modify flows (the workflows that connect AI components together), access the database, connect to internal systems, and create persistent backdoors by injecting malicious code into public flows.
Vulnerability Details
10(critical)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
network
low
none
none
June 30, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-10134
First tracked: June 30, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 95%