PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13446 IBM CVE debrief

IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, which is a critical vulnerability. This vulnerability could allow an attacker to gain unauthorized access to the system. The hard-coded credentials are used for inbound authentication, outbound communication to external components, or encryption of internal data. Users of IBM Langflow OSS 1.0.0 through 1.10.1 should be aware of this vulnerability and take steps to mitigate it. The vulnerability has a CVSS score of 9.8 and is considered critical.

Vendor
IBM
Product
Langflow OSS
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of IBM Langflow OSS 1.0.0 through 1.10.1, operators, platform administrators, vulnerability management teams, and security teams should be aware of this vulnerability and take steps to mitigate it. They should review the affected product scope, assess their exposure, and plan for vendor-supported updates or mitigations.

Technical summary

CVE-2026-13446 is a critical vulnerability in IBM Langflow OSS 1.0.0 through 1.10.1. The vulnerability is caused by hard-coded credentials, which could allow an attacker to gain unauthorized access to the system. The hard-coded credentials are used for inbound authentication, outbound communication to external components, or encryption of internal data. This vulnerability has a high impact on the system's security and integrity.

Defensive priority

High

Recommended defensive actions

  • Inventory and verify affected IBM Langflow OSS versions
  • Apply vendor remediation or patches
  • Implement compensating controls, such as monitoring and exception tracking
  • Review and update authentication and authorization mechanisms
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-17T21:17:05.960Z and has not been modified since then. The NVD entry is currently being reviewed. Users should verify the affected IBM Langflow OSS versions and check for any additional information from IBM. The CVE details are based on the information available from the CVE.org and NVD sources.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T21:17:05.960Z and has not been modified since then.