CVE-2026-4502 (GCVE-0-2026-4502)
Vulnerability from cvelistv5 – Published: 2026-04-30 20:57 – Updated: 2026-06-12 20:28
VLAI
Title
Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API
Summary
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7271097 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Langflow Desktop |
Affected:
1.2.0 , ≤ 1.8.4
(semver)
cpe:2.3:a:ibm:langflow_desktop:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:langflow_desktop:1.8.4:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T14:57:03.183036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T14:58:10.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:langflow_desktop:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:langflow_desktop:1.8.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Langflow Desktop",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.8.4",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "The vulnerability was reported to IBM by Akshat Sinha, Senior SRE Rubrik (https://www.linkedin.com/in/akshat-sinha-568765167)."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send\u0026nbsp;a specially crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send\u00a0a specially crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T20:28:41.538Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7271097"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM recommends addressing the vulnerability now by upgrading to IBM Langflow Desktop 1.9.0 or newer \u003ca href=\"https://www.langflow.org/blog/langflow-1-9-desktop\" rel=\"nofollow\"\u003ehttps://www.langflow.org/blog/langflow-1-9-desktop\u003c/a\u003e\u003cbr\u003eIf you are already using Langflow Desktop, upgrade in the application to version 1.9.0\u003cbr\u003eTo install Langflow Desktop for the first time, visit \u003ca href=\"https://langflow.org/desktop\" rel=\"nofollow\"\u003e\u0026nbsp;Langflow Desktop\u003c/a\u003e.\u003ca href=\"https://langflow.org/desktop\" rel=\"nofollow\"\u003eDownload\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "IBM recommends addressing the vulnerability now by upgrading to IBM Langflow Desktop 1.9.0 or newer https://www.langflow.org/blog/langflow-1-9-desktop \nIf you are already using Langflow Desktop, upgrade in the application to version 1.9.0\nTo install Langflow Desktop for the first time, visit \u00a0Langflow Desktop https://langflow.org/desktop . Download https://langflow.org/desktop"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-4502",
"datePublished": "2026-04-30T20:57:08.130Z",
"dateReserved": "2026-03-20T13:47:59.369Z",
"dateUpdated": "2026-06-12T20:28:41.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-4502",
"date": "2026-06-20",
"epss": "0.00275",
"percentile": "0.19083"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-4502\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-04-30T21:16:33.533\",\"lastModified\":\"2026-05-11T17:06:21.467\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send\u00a0a specially crafted URL request containing \\\"dot dot\\\" sequences (/../) to write arbitrary files on the system.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2.0\",\"versionEndIncluding\":\"1.8.4\",\"matchCriteriaId\":\"4B9C49D8-B198-43A9-ACF6-ADEB4BA58A96\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7271097\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-4502\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-01T14:57:03.183036Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-01T14:57:31.370Z\"}}], \"cna\": {\"title\": \"Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"The vulnerability was reported to IBM by Akshat Sinha, Senior SRE Rubrik (https://www.linkedin.com/in/akshat-sinha-568765167).\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:langflow_desktop:1.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:langflow_desktop:1.8.4:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Langflow Desktop\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.8.4\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM recommends addressing the vulnerability now by upgrading to IBM Langflow Desktop 1.9.0 or newer https://www.langflow.org/blog/langflow-1-9-desktop \\nIf you are already using Langflow Desktop, upgrade in the application to version 1.9.0\\nTo install Langflow Desktop for the first time, visit \\u00a0Langflow Desktop https://langflow.org/desktop . Download https://langflow.org/desktop\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM recommends addressing the vulnerability now by upgrading to IBM Langflow Desktop 1.9.0 or newer \u003ca href=\\\"https://www.langflow.org/blog/langflow-1-9-desktop\\\" rel=\\\"nofollow\\\"\u003ehttps://www.langflow.org/blog/langflow-1-9-desktop\u003c/a\u003e\u003cbr\u003eIf you are already using Langflow Desktop, upgrade in the application to version 1.9.0\u003cbr\u003eTo install Langflow Desktop for the first time, visit \u003ca href=\\\"https://langflow.org/desktop\\\" rel=\\\"nofollow\\\"\u003e\u0026nbsp;Langflow Desktop\u003c/a\u003e.\u003ca href=\\\"https://langflow.org/desktop\\\" rel=\\\"nofollow\\\"\u003eDownload\u003c/a\u003e\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7271097\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send\\u00a0a specially crafted URL request containing \\\"dot dot\\\" sequences (/../) to write arbitrary files on the system.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send\u0026nbsp;a specially crafted URL request containing \\\"dot dot\\\" sequences (/../) to write arbitrary files on the system.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-06-12T20:28:41.538Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-4502\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-12T20:28:41.538Z\", \"dateReserved\": \"2026-03-20T13:47:59.369Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-04-30T20:57:08.130Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…