CVE-2026-6542

· NIST NVD ↗

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.

MEDIUM
CVSS severity
6.5
CVSS base score
2026-04-30
Published

CWE codes

CWE-639

Affected products

langflow:langflow

Sources