CVE-2026-4503

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.

high 7.5 CVSS 3.1

Published: Apr 30, 2026

Modified: May 1, 2026

Description

References

https://www.ibm.com/support/pages/node/7271099

Version	3.1
Score	7.5 / 10
Severity	high