Impact
The vulnerability is a time‑of‑check/time‑of‑use race condition in the URL component of IBM Langflow OSS (src/lfx/src/lfx/components/data_source/url.py) that allows an attacker to perform DNS rebinding and bypass the built‑in SSRF protection. By manipulating the DNS resolution timing, an attacker can cause the application to discover and contact internal services that would normally be forbidden, enabling information disclosure or credential theft. The weakness causes an untrusted external request to be interpreted as an internal one, leading to typical SSRF exploitation possibilities such as accessing the admin console, internal databases or other internal APIs.
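The check/use gap described above can be shown offline, alongside the usual fix of resolving once and connecting to the validated address. This is an added illustration, not Langflow's code or its patch; `SwitchingResolver`, the function names and the sample addresses are constructed for the example, and the functions return the IP that would be contacted instead of opening a connection.

```python
import ipaddress

class SwitchingResolver:
    """Constructed stand-in for DNS: answers change between lookups."""
    def __init__(self, answers):
        self.answers, self.calls = list(answers), 0

    def resolve(self, host):
        ip = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return ip

def is_forbidden(ip):
    """True for addresses an SSRF filter should refuse."""
    addr = ipaddress.ip_address(ip)
    # Unwrap ::ffff:a.b.c.d so a mapped internal IPv4 address is not missed.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)

def check_then_fetch(host, resolver):
    """Racy pattern: the check and the connection each do their own lookup."""
    if is_forbidden(resolver.resolve(host)):   # time of check
        raise ValueError("blocked: " + host)
    return resolver.resolve(host)              # time of use, unvalidated

def resolve_once_and_pin(host, resolver):
    """Hardened pattern: one lookup, and the validated IP is the one used."""
    ip = resolver.resolve(host)
    if is_forbidden(ip):
        raise ValueError("blocked: " + host)
    return ip  # connect to this literal IP; send host only as Host header/SNI

if __name__ == "__main__":
    # Constructed sample answers: public first, internal afterwards.
    answers = ["93.184.216.34", "10.0.0.5"]
    print(check_then_fetch("rebind.example", SwitchingResolver(answers)))
    print(resolve_once_and_pin("rebind.example", SwitchingResolver(answers)))
```

Redirects need the same treatment: each hop's hostname has to be resolved once, validated and pinned before it is followed.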
Affected Systems
The affected product is IBM Langflow OSS, specifically versions 1.0.0 through 1.9.3 inclusive. Later releases such as 1.10.0 are not affected, as identified by the CVE references and the CNA solution.
Risk and Exploitability
The CVSS score of 7.1 indicates a high severity for confidentiality, integrity, and availability impact. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack can be carried out by sending crafted DNS responses that cause the application to connect to an internal host, but it requires the attacker to control DNS resolution for the target hostname or to conduct DNS rebinding, which limits the threat to attackers who can influence the client’s DNS queries or compromise a DNS server. Nevertheless, the potential damage (remote disclosure of internal data and possible further lateral movement) warrants prompt remediation.