All 7 CVE vulnerabilities found in Langflow Desktop, with AI-generated Chinese analysis, references, and POCs.
Vendor: IBM
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6543 | Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint | CWE-94 | 8.8 | High | 2026-04-30 |
| CVE-2026-3345 | Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint | CWE-22 | 6.5 | Medium | 2026-04-30 |
| CVE-2026-3346 | Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw | CWE-89 | 6.4 | Medium | 2026-04-30 |
| CVE-2026-3340 | Server-Side Request Forgery (SSRF) in Langflow URL Component | CWE-918 | 6.5 | Medium | 2026-04-30 |
| CVE-2026-4502 | Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API | CWE-22 | 6.5 | Medium | 2026-04-30 |
| CVE-2026-4503 | Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint | CWE-639 | 7.5 | High | 2026-04-30 |
| CVE-2026-3357 | IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file | CWE-502 | 8.8 | High | 2026-04-08 |