CVE-2026-7872

Summary

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user.

Affected Software

VendorProductVersion RangeStatus
IBMLangflow OSS1.0.0 <= 1.10.0affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References