CVE-2026-7874

Published Jun 30, 2026

Last updated 3 days ago

Overview

Description
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
Source
psirt@us.ibm.com
NVD status
Analyzed
Products
langflow

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

psirt@us.ibm.com
CWE-338

Social media

Hype score
Not currently trending

Configurations

References

Sources include official advisories and independent security research.