CVE-2026-4502

Source: NIST NVD

IBM Langflow Desktop 1.2.0 through 1.8.4 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

CVSS severity: MEDIUM
CVSS base score: 6.5
Published: 2026-04-30

CWE codes

CWE-22

Affected products

langflow:langflow_desktop

Sources