AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-6598: A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function cre

mediumvulnerability

security

Source: NVD/CVE DatabaseApril 20, 2026CVE-2026-6598

Summary

A vulnerability (CVE-2026-6598) was found in langflow-ai langflow versions up to 1.8.3 where the create_project/encrypt_auth_settings function improperly stores sensitive authentication settings in cleartext (unencrypted plain text) on disk instead of protecting them. An attacker can exploit this remotely, and the vulnerability details have been publicly disclosed.

Vulnerability Details

CVSS Score

4.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

network

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

April 20, 2026

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-312 CWE-313

Affected Vendors

LangChain

Related Issues

medium

CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e

Same vendorNVD/CVE Database

critical

CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-

Same vendor

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-6598

First tracked: April 20, 2026 at 08:18 AM

Classified by LLM (prompt v3) · confidence: 85%