CVE-2026-4502

MEDIUM NVD

CVSS Score 6.5

Severity MEDIUM

Published Apr 30, 2026

Vendor unknown

Description

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

References

https://www.ibm.com/support/pages/node/7271097