CVE-2026-4502
Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Productos afectados
IBM · Langflow Desktop¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →