CVE-2026-4503

Published: Apr 30, 2026Modified: May 11, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: psirt@us.ibm.com

Description

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.

Affected (1)

Products: Langflow: Langflow Desktop

Langflow

1 product

Langflow Desktop

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Langflow Langflow Desktop	From 1.0.0 to 1.8.4

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://www.ibm.com/support/pages/node/7271099

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.