Impact
An improper shared-state handling flaw in IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to manipulate cache state so that API client requests cross tenant boundaries. The attacker can force requests from other users to be processed with incorrect upstream API credentials, resulting in billing and accountability being attributed to the wrong tenant. This flaw is classified as CWE-639, reflecting a weakness in privilege management that enables unauthorized credential reuse.
Affected Systems
IBM Langflow OSS is the affected product. Versions from 1.0.0 up through 1.10.0 contain the vulnerability. The vendor has issued a fix in version 1.10.1, which can be downloaded from the official Python Package Index.
Risk and Exploitability
The CVSS score of 9.6 indicates critical impact. The EPSS score is not available, and the absence of a CISA KEV listing does not diminish the risk for organizations running affected versions. Attackers need only authenticated access to manipulate the shared cache, and the vulnerability is exploitable remotely through the public API endpoints. Once exploited, the attacker can cause upstream API usage to be billed to other tenants and obscure who actually consumed the API, enabling fraud.
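An added illustration of the bug class described above, written for this page and not taken from Langflow's code (the class names, tenant ids, provider name and keys are constructed assumptions): a client cache keyed only by provider hands one tenant's credentials to another tenant's request, whereas a tenant-scoped cache key plus an ownership check keeps each request on its own credentials.

```python
from dataclasses import dataclass

# Constructed sample data: two tenants, each holding its own upstream API key.
TENANT_KEYS = {"tenant-a": "key-A", "tenant-b": "key-B"}
KEY_OWNER = {key: tenant for tenant, key in TENANT_KEYS.items()}

@dataclass(frozen=True)
class ApiClient:
    """Stand-in for an upstream API client bound to a single credential."""
    api_key: str

class SharedCacheClientFactory:
    """Weak pattern: a process-wide cache keyed only by provider name, so the
    first tenant to populate it decides which credentials every later
    request for that provider is sent with."""
    def __init__(self):
        self._cache = {}

    def get_client(self, tenant, provider):
        if provider not in self._cache:
            self._cache[provider] = ApiClient(TENANT_KEYS[tenant])
        return self._cache[provider]

class TenantScopedClientFactory:
    """Hardened pattern: the cache key includes the tenant, and the client is
    verified to hold that tenant's credential before it is handed out."""
    def __init__(self):
        self._cache = {}

    def get_client(self, tenant, provider):
        key = (tenant, provider)
        if key not in self._cache:
            self._cache[key] = ApiClient(TENANT_KEYS[tenant])
        client = self._cache[key]
        if client.api_key != TENANT_KEYS[tenant]:  # defense in depth
            raise PermissionError(f"cached client for {tenant} holds a foreign key")
        return client

def billed_tenant(factory, requesting_tenant, provider="llm-provider"):
    """Which tenant's credential the request would actually be sent with."""
    return KEY_OWNER[factory.get_client(requesting_tenant, provider).api_key]

def demo():
    weak, fixed = SharedCacheClientFactory(), TenantScopedClientFactory()
    billed_tenant(weak, "tenant-a")             # tenant-a populates the cache
    leaked = billed_tenant(weak, "tenant-b")    # tenant-b rides on tenant-a's key
    billed_tenant(fixed, "tenant-a")
    correct = billed_tenant(fixed, "tenant-b")  # tenant-b stays on its own key
    return leaked, correct
```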
OpenCVE Enrichment