CVE-2026-3340
MEDIUM WAF: Medium
CVSS 6.5
Published: 2026-04-30
CWE-918
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
WAF Coverage Analysis
Server-Side Request Forgery (SSRF)
Medium WAF Coverage
OWASP: A10:2021 SSRF
934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| langflow | langflow_desktop | 1.0.0 - 1.8.4 |
References
- www.ibm.com (Vendor Advisory)