Back to overview

CVE-2026-8056

HIGH
8.8
CVSS 3.1
Description
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the `apply_tweaks()` function.

Metadata

CVE ID
CVE-2026-8056
State
PUBLISHED
Assigner
ibm
Reserved
2026-05-06 20:34 UTC
Published
2026-07-17 19:13 UTC
Last updated
2026-07-17 19:13 UTC
Primary CWE
CWE-94
CWE-94 Improper Control of Generation of Code ('Code Injecti…
Vendor / Product
IBM / Langflow OSS
Sources
cve.org  ·  NVD

Severity & Metrics

8.8 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products (1)
VendorProductPlatformVersions
IBM Langflow OSS 1.0.0 ≤ 1.10.0
Weakness (CWE)
CWESourceDescription
CWE-94 cna CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.8 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Back to overview