CVE-2026-7874: IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak
Summary
IBM Langflow OSS versions 1.0.0 through 1.10.0 have a security flaw where stored credentials can be exposed because the software uses weak encryption at rest (encryption that protects data when it's not being actively used). The problem stems from using a poor key derivation mechanism, which is the process that converts a password into the actual encryption key.
Vulnerability Details
9.1(critical)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
network
low
none
none
June 30, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7874
First tracked: June 30, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 92%