CVE-2026-3340: IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allo
mediumvulnerability
security
Summary
IBM Langflow Desktop versions 1.0.0 through 1.8.4 have a vulnerability called SSRF (server-side request forgery, where an attacker tricks the server into making requests it shouldn't). An authenticated attacker (someone with login access) could exploit this to send unauthorized requests from the system, potentially discovering network information or launching additional attacks.
Vulnerability Details
CVSS Score
6.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
network
Attack Complexity
low
Privileges Required
none
User Interaction
none
Disclosure Date
April 30, 2026
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-3340
First tracked: May 1, 2026 at 02:07 AM
Classified by LLM (prompt v3) · confidence: 85%