CVE-2026-10140
CRITICAL 9.6IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.
ELEVATED IMPACT
Severe if exploited (CVSS 9.6), but no known exploitation and low modeled probability. Patch on a normal cadence.
Exploitation likelihood
0.2%chance of exploitation in 30 days · 10th percentile
○ In CISA KEV
○ Public exploit / PoC
Impact if exploited
9.6CVSS 3.1 · CRITICAL
- ConfidentialityHigh
- IntegrityHigh
- AvailabilityNone
What an attacker needs
- ✓Access: Reachable over the network — no local access needed
- ⚠Privileges: Requires a low-privilege account
- ✓User interaction: No user interaction needed
- ✓Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Weakness (CWE)
- CWE-639: Authorization bypass
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N