Back to overview

CVE-2026-13445

HIGH
8.1
CVSS 3.1
Description
IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the attacker's workflow reads victim file contents, appends attacker-controlled data, and uploads a copy containing victim data to the attacker's namespace (confidentiality breach). In overwrite mode, the attacker can replace victim file contents with arbitrary data (integrity breach). This breaks the storage ownership boundary between users.

Metadata

CVE ID
CVE-2026-13445
State
PUBLISHED
Assigner
ibm
Reserved
2026-06-26 16:40 UTC
Published
2026-07-17 20:44 UTC
Last updated
2026-07-17 20:44 UTC
Primary CWE
CWE-639
CWE-639 Authorization Bypass Through User-Controlled Key
Vendor / Product
IBM / Langflow OSS
Sources
cve.org  ·  NVD

Severity & Metrics

8.1 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products (1)
VendorProductPlatformVersions
IBM Langflow OSS 1.0.0 ≤ 1.10.1
Weakness (CWE)
CWESourceDescription
CWE-639 cna CWE-639 Authorization Bypass Through User-Controlled Key
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.1 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Back to overview