CVE-2026-10560: IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoi
Summary
IBM Langflow OSS (open-source software) versions 1.0.0 through 1.9.6 have a missing authentication vulnerability in the /api/v1/build_public_tmp/ endpoints, which allows attackers without credentials to read build event data or cancel jobs if they know the job identifier, leading to information disclosure (unauthorized data access) and denial of service (disrupting service availability). This vulnerability is caused by improper authentication (CWE-287, a weakness in verifying user identity).
Vulnerability Details
8.2(high)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
network
low
none
none
June 30, 2026
Classification
Affected Vendors
Related Issues
GHSA-382c-vx95-w3p5: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-10560
First tracked: June 30, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 92%