PatchSiren cyber security CVE debrief
CVE-2026-13446 IBM CVE debrief
IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, which is a critical vulnerability. This vulnerability could allow an attacker to gain unauthorized access to the system. The hard-coded credentials are used for inbound authentication, outbound communication to external components, or encryption of internal data. Users of IBM Langflow OSS 1.0.0 through 1.10.1 should be aware of this vulnerability and take steps to mitigate it. The vulnerability has a CVSS score of 9.8 and is considered critical.
- Vendor
- IBM
- Product
- Langflow OSS
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of IBM Langflow OSS 1.0.0 through 1.10.1, operators, platform administrators, vulnerability management teams, and security teams should be aware of this vulnerability and take steps to mitigate it. They should review the affected product scope, assess their exposure, and plan for vendor-supported updates or mitigations.
Technical summary
CVE-2026-13446 is a critical vulnerability in IBM Langflow OSS 1.0.0 through 1.10.1. The vulnerability is caused by hard-coded credentials, which could allow an attacker to gain unauthorized access to the system. The hard-coded credentials are used for inbound authentication, outbound communication to external components, or encryption of internal data. This vulnerability has a high impact on the system's security and integrity.
Defensive priority
High
Recommended defensive actions
- Inventory and verify affected IBM Langflow OSS versions
- Apply vendor remediation or patches
- Implement compensating controls, such as monitoring and exception tracking
- Review and update authentication and authorization mechanisms
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-17T21:17:05.960Z and has not been modified since then. The NVD entry is currently being reviewed. Users should verify the affected IBM Langflow OSS versions and check for any additional information from IBM. The CVE details are based on the information available from the CVE.org and NVD sources.
Official resources
-
CVE-2026-13446 CVE record
CVE.org
-
CVE-2026-13446 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T21:17:05.960Z and has not been modified since then.