CVE-2026-4502
Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
IBM · Langflow DesktopQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →