CVE-2026-4502: IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the s
Summary
IBM Langflow Desktop versions 1.2.0 through 1.8.4 have a path traversal vulnerability (CVE-2026-4502) that allows an authenticated attacker to write arbitrary files on a system by sending specially crafted URL requests containing "dot dot" sequences (/../, which move up directory levels). This affects users who are already logged into the application.
Vulnerability Details
CVSS score: 6.5 (medium)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack vector: network
Attack complexity: low
Privileges required: low
User interaction: none
April 30, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-4502
First tracked: May 1, 2026 at 02:07 AM
Classified by LLM (prompt v3) · confidence: 92%