PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13445 IBM CVE debrief

IBM Langflow OSS versions 1.0.0 through 1.10.1 contain a vulnerability in the SaveToFile component. An authenticated attacker can exploit this to read and modify files uploaded by other users by specifying absolute paths to victim storage locations. In append mode, the attacker can read victim file contents, append controlled data, and upload a copy containing victim data to their namespace, breaching confidentiality. In overwrite mode, the attacker can replace victim file contents with arbitrary data, breaching integrity. This vulnerability breaks the storage ownership boundary between users, allowing attackers to access and modify sensitive information.

Vendor
IBM
Product
Langflow OSS
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of IBM Langflow OSS versions 1.0.0 through 1.10.1 should be aware of this vulnerability and take steps to protect their systems. Specifically, administrators and users who have access to the SaveToFile component are at risk. They should restrict access to the component, implement strict file access controls, and monitor user activity related to file uploads and modifications.

Technical summary

The SaveToFile component in IBM Langflow OSS 1.0.0 through 1.10.1 allows authenticated attackers to read and modify other users' uploaded files by specifying absolute paths. This can lead to confidentiality breaches through appending controlled data to victim files and integrity breaches through overwriting victim file contents with arbitrary data. The vulnerability breaks the storage ownership boundary between users, allowing attackers to access and modify sensitive information. Affected users should restrict access to the SaveToFile component and implement strict file access controls.

Defensive priority

High

Recommended defensive actions

  • Restrict access to the SaveToFile component to authorized users only.
  • Implement strict file access controls to prevent unauthorized file modifications.
  • Monitor user activity related to file uploads and modifications.
  • Apply vendor patches or updates as soon as they are available.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

Evidence for this vulnerability comes from the IBM PSIRT page (reference URL provided). The CVE record and NVD detail pages also provide additional context. The vulnerability allows an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. This breaks the storage ownership boundary between users, leading to potential confidentiality and integrity breaches. Evidence is limited, and defenders should verify affected systems and apply patches or mitigations accordingly.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T21:17:05.473Z and has not been modified since then.