Impact
IBM Langflow Desktop versions 1.0.0 through 1.9.2 are vulnerable to a server‑side request forgery (SSRF) that permits a DNS rebinding bypass. The flaw allows an authenticated attacker to send unauthorized requests from the application, potentially enabling network enumeration or other internal attacks. The weakness is identified as CWE‑918, indicating improper validation of request origins.
Affected Systems
The affected product is IBM Langflow Desktop. Releases from version 1.0.0 up to and including 1.9.2 are affected.
Risk and Exploitability
The CVSS score of 5.4 classifies the vulnerability as medium severity; no EPSS score is available and the vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that the attacker must be authenticated to the application and that the attack vector is likely DNS rebinding, which subverts the built-in SSRF guard.
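The general weakness class described above, as an added example for defenders; it is not Langflow's code. An SSRF guard that validates one DNS lookup and then lets the HTTP client resolve the name again can be handed a different answer the second time, while a guard that resolves once and connects to the validated address cannot. All function names and the stub resolver are hypothetical, and the addresses are constructed sample values.

```python
import ipaddress
import socket

def is_public(ip):
    """True only for globally routable addresses (rejects loopback, RFC 1918, link-local)."""
    return ipaddress.ip_address(ip).is_global

def resolve_all(host, resolver=socket.getaddrinfo):
    """Return every address the resolver currently gives for host."""
    return sorted({info[4][0] for info in resolver(host, None, proto=socket.IPPROTO_TCP)})

def check_then_fetch_target(host, resolver=socket.getaddrinfo):
    """Weak pattern: validate one lookup, then resolve the name a second time to connect."""
    if not all(is_public(ip) for ip in resolve_all(host, resolver)):
        raise ValueError("destination blocked by SSRF guard")
    # Second, independent lookup: what an HTTP client given the hostname would do.
    return resolve_all(host, resolver)[0]

def pinned_target(host, resolver=socket.getaddrinfo):
    """Hardened pattern: resolve once, validate every answer, connect to that address."""
    addrs = resolve_all(host, resolver)
    if not addrs or not all(is_public(ip) for ip in addrs):
        raise ValueError("destination blocked by SSRF guard")
    # The caller connects to this IP and sends the original name as Host/SNI.
    return addrs[0]

def flipping_resolver(answers):
    """Constructed offline stub: each call returns the next address in `answers`."""
    it = iter(answers)
    def resolver(host, port, **kwargs):
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (next(it), 0))]
    return resolver

if __name__ == "__main__":
    # Constructed answers: first lookup is public, second points at loopback.
    answers = ["93.184.216.34", "127.0.0.1"]
    print("check-then-fetch connects to:",
          check_then_fetch_target("name.example", flipping_resolver(answers)))
    print("pinned guard connects to:   ",
          pinned_target("name.example", flipping_resolver(answers)))
```

Redirects need the same treatment: each hop's hostname has to go through the pinned check before the client follows it.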
OpenCVE Enrichment