PatchSiren cyber security CVE debrief
CVE-2026-13445 IBM CVE debrief
IBM Langflow OSS versions 1.0.0 through 1.10.1 contain a vulnerability in the SaveToFile component. An authenticated attacker can exploit this to read and modify files uploaded by other users by specifying absolute paths to victim storage locations. In append mode, the attacker can read victim file contents, append controlled data, and upload a copy containing victim data to their namespace, breaching confidentiality. In overwrite mode, the attacker can replace victim file contents with arbitrary data, breaching integrity. This vulnerability breaks the storage ownership boundary between users, allowing attackers to access and modify sensitive information.
- Vendor
- IBM
- Product
- Langflow OSS
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of IBM Langflow OSS versions 1.0.0 through 1.10.1 should be aware of this vulnerability and take steps to protect their systems. Specifically, administrators and users who have access to the SaveToFile component are at risk. They should restrict access to the component, implement strict file access controls, and monitor user activity related to file uploads and modifications.
Technical summary
The SaveToFile component in IBM Langflow OSS 1.0.0 through 1.10.1 allows authenticated attackers to read and modify other users' uploaded files by specifying absolute paths. This can lead to confidentiality breaches through appending controlled data to victim files and integrity breaches through overwriting victim file contents with arbitrary data. The vulnerability breaks the storage ownership boundary between users, allowing attackers to access and modify sensitive information. Affected users should restrict access to the SaveToFile component and implement strict file access controls.
Defensive priority
High
Recommended defensive actions
- Restrict access to the SaveToFile component to authorized users only.
- Implement strict file access controls to prevent unauthorized file modifications.
- Monitor user activity related to file uploads and modifications.
- Apply vendor patches or updates as soon as they are available.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
Evidence for this vulnerability comes from the IBM PSIRT page (reference URL provided). The CVE record and NVD detail pages also provide additional context. The vulnerability allows an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. This breaks the storage ownership boundary between users, leading to potential confidentiality and integrity breaches. Evidence is limited, and defenders should verify affected systems and apply patches or mitigations accordingly.
Official resources
-
CVE-2026-13445 CVE record
CVE.org
-
CVE-2026-13445 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T21:17:05.473Z and has not been modified since then.