Langflow Desktop unauthenticated data leak (CVE-2026-4503)
CVE-2026-4503
CVE-2026-4503: IBM Langflow Desktop 1.0.0–1.8.4 allows unauthenticated users to view other users' images via IDOR. CVSS 7.5. Update to 1.8.5 or later.
Vendor-confirmed - CVE-2026-4503 is a high-severity insecure direct object reference (IDOR) vulnerability in IBM Langflow Desktop 1.0.0 through 1.8.4 that lets unauthenticated attackers view other users' images by guessing or manipulating a user-controlled key. Patched in version 1.8.5 - update immediately.
Overview
CVE-2026-4503 is an Insecure Direct Object Reference (IDOR) vulnerability in IBM Langflow Desktop, a low-code tool for building AI workflows. The flaw is in how the application handles image access requests. When a client requests an image, Langflow uses a user-controlled key to locate and serve the file, and no authorization check ties that key to the identity of the requester. An unauthenticated attacker can therefore supply a key that references an image stored by any other user on the same instance and receive the file.
The vulnerability requires no authentication and no user interaction, and can be exploited over the network at low complexity. The CVSS base score is 7.5 (High). Attackers can view images containing sensitive business data, internal documents, or personally identifiable information (PII) belonging to other Langflow users. The impact is confined to confidentiality: the flaw does not let an attacker modify data or disrupt the service.
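To make the pattern concrete, the following is an added illustration, not Langflow's code and not derived from the patch: a minimal image-serving handler with the IDOR described above, beside a hardened version that authenticates the caller and scopes the lookup to that caller's own images. The `/images/<key>` path, the in-memory store, the bearer-token session table and the sequential integer keys are all assumptions made for this example.

```python
"""
Added illustration (not Langflow's code): an IDOR in an image-serving
handler and its hardened form. The /images/<key> path, the request and
response shapes, the store layout and the session table are assumptions
made for this example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional
import secrets


@dataclass
class Response:
    status: int
    body: bytes = b""


@dataclass
class Request:
    path: str                                   # e.g. "/images/42"
    headers: Dict[str, str] = field(default_factory=dict)


# Constructed sample data: two users, three stored images. Keys are small
# sequential integers, as a naive implementation would assign them.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
IMAGES = {                                      # key -> (owner, content)
    "1": ("alice", b"PNG:alice-architecture-diagram"),
    "2": ("bob",   b"PNG:bob-screenshot-with-api-key"),
    "3": ("alice", b"PNG:alice-invoice"),
}


def _key_from_path(path: str) -> Optional[str]:
    prefix = "/images/"
    if not path.startswith(prefix):
        return None
    return path[len(prefix):] or None


def serve_image_vulnerable(req: Request) -> Response:
    """IDOR: the key alone selects the file; nobody checks who is asking."""
    key = _key_from_path(req.path)
    if key is None or key not in IMAGES:
        return Response(404)
    _owner, content = IMAGES[key]
    return Response(200, content)


def _current_user(req: Request) -> Optional[str]:
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return SESSIONS.get(auth[len("Bearer "):])


def serve_image_hardened(req: Request) -> Response:
    """Authenticate first, then authorize: the lookup is scoped to the
    caller. A key owned by someone else yields the same 404 as a missing
    key, so the endpoint is not an existence oracle for other users' images."""
    user = _current_user(req)
    if user is None:
        return Response(401)
    key = _key_from_path(req.path)
    if key is None:
        return Response(404)
    record = IMAGES.get(key)
    if record is None or record[0] != user:
        return Response(404)
    return Response(200, record[1])


def new_image_key() -> str:
    """Defence in depth: unguessable keys make enumeration impractical, but
    they do not replace the ownership check above."""
    return secrets.token_urlsafe(16)


def enumerate_images(handler: Callable[[Request], Response],
                     make_request: Callable[[str], Request],
                     max_key: int = 10) -> Dict[str, bytes]:
    """What an attacker does against a sequential key space: walk the keys
    and keep every image the handler hands back."""
    found = {}
    for k in range(1, max_key + 1):
        resp = handler(make_request(f"/images/{k}"))
        if resp.status == 200:
            found[str(k)] = resp.body
    return found


if __name__ == "__main__":
    anon = lambda p: Request(p)
    as_bob = lambda p: Request(p, {"Authorization": "Bearer tok-bob"})
    print("anonymous vs vulnerable:", sorted(enumerate_images(serve_image_vulnerable, anon)))
    print("anonymous vs hardened:  ", sorted(enumerate_images(serve_image_hardened, anon)))
    print("bob vs hardened:        ", sorted(enumerate_images(serve_image_hardened, as_bob)))
```

The fix is the ownership comparison inside the lookup, not the random key: an unguessable key raises the cost of enumeration but still leaks the moment a key is shared, logged or leaked elsewhere.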
Impact
Any Langflow Desktop instance between versions 1.0.0 and 1.8.4 (inclusive) is vulnerable. The attacker needs no account and no prior knowledge of the target beyond the ability to reach the Langflow service over the network and send crafted HTTP requests. Because the key is user-controlled, valid values can be guessed or enumerated; once one works, the attacker can walk the key space and retrieve every image stored by every user on the affected instance.
This flaw can lead to data breach incidents, regulatory compliance failures, and exposure of intellectual property or trade secrets embedded in screenshots or diagrams.
Remediation
- Update to version 1.8.5 or later. IBM has released Langflow Desktop 1.8.5 which introduces proper authorization checks for image access requests.
- If immediate patching is not possible, restrict network access to the Langflow service using a firewall or VPN. Only trusted users should be able to reach the application endpoint.
- Review access logs for GET requests to the image endpoint that show enumeration: one client requesting many distinct keys, sequential or otherwise patterned key values, or a high share of 404 responses. Investigate any such activity from clients without a valid session.
- Rotate any credentials or secrets that may have been exposed in images served by the application.
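The log review above is the one remediation step that can be scripted. The following is an added example, not part of the advisory and not a Langflow tool: a small hunt over web-server access logs in combined format that groups image requests by client and flags enumeration. The `/images/<key>` path, the log format, the sample lines and the thresholds are assumptions; adapt them to the real endpoint and your traffic volume.

```python
"""
Added example (not from the advisory or from Langflow): hunt access logs
for IDOR enumeration against an image endpoint. The /images/<key> path,
the combined log format, the sample lines and the thresholds are
assumptions for this illustration.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
IMAGE_RE = re.compile(r'^/images/(?P<key>[^/?#]+)')

# Constructed sample: a normal user fetching two of her own images, and a
# scanner walking sequential keys and collecting misses along the way.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2026:10:01:02 +0000] "GET /images/17 HTTP/1.1" 200 5120
10.0.0.5 - - [12/Mar/2026:10:01:03 +0000] "GET /api/flows HTTP/1.1" 200 812
10.0.0.5 - - [12/Mar/2026:10:04:20 +0000] "GET /images/23 HTTP/1.1" 200 7744
203.0.113.9 - - [12/Mar/2026:11:30:00 +0000] "GET /images/1 HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2026:11:30:00 +0000] "GET /images/2 HTTP/1.1" 404 0
203.0.113.9 - - [12/Mar/2026:11:30:01 +0000] "GET /images/3 HTTP/1.1" 200 9001
203.0.113.9 - - [12/Mar/2026:11:30:01 +0000] "GET /images/4 HTTP/1.1" 404 0
203.0.113.9 - - [12/Mar/2026:11:30:01 +0000] "GET /images/5 HTTP/1.1" 200 3300
203.0.113.9 - - [12/Mar/2026:11:30:02 +0000] "GET /images/6 HTTP/1.1" 404 0
203.0.113.9 - - [12/Mar/2026:11:30:02 +0000] "GET /images/7 HTTP/1.1" 404 0
203.0.113.9 - - [12/Mar/2026:11:30:02 +0000] "GET /images/8 HTTP/1.1" 200 1200
"""


def parse_image_requests(log_text):
    """Yield (ip, key, status) for every GET against the image endpoint."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        im = IMAGE_RE.match(m.group("path"))
        if im:
            yield m.group("ip"), im.group("key"), int(m.group("status"))


def longest_sequential_run(keys):
    """Length of the longest run of consecutive integers among the numeric
    keys; non-numeric keys (e.g. random tokens) are ignored."""
    nums = sorted({int(k) for k in keys if k.isdigit()})
    best = run = 1 if nums else 0
    for a, b in zip(nums, nums[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best


def find_enumerators(log_text, min_keys=5, min_run=4, min_miss_ratio=0.3):
    """Flag clients that touch many distinct image keys, walk them in
    sequence, or accumulate a high share of 404s over a meaningful number
    of requests (misses are the signature of guessing).
    Returns {ip: summary} for flagged clients only."""
    per_ip = defaultdict(lambda: {"keys": set(), "hits": 0, "misses": 0})
    for ip, key, status in parse_image_requests(log_text):
        rec = per_ip[ip]
        rec["keys"].add(key)
        if status == 404:
            rec["misses"] += 1
        elif status == 200:
            rec["hits"] += 1
    flagged = {}
    for ip, rec in per_ip.items():
        total = rec["hits"] + rec["misses"]
        summary = {
            "distinct_keys": len(rec["keys"]),
            "sequential_run": longest_sequential_run(rec["keys"]),
            "miss_ratio": rec["misses"] / total if total else 0.0,
            "leaked_ok": rec["hits"],          # 200s = images actually served
        }
        if (summary["distinct_keys"] >= min_keys
                or summary["sequential_run"] >= min_run
                or (total >= min_keys and summary["miss_ratio"] >= min_miss_ratio)):
            flagged[ip] = summary
    return flagged


if __name__ == "__main__":
    for ip, summary in find_enumerators(SAMPLE_LOG).items():
        print(ip, summary)
```

The `leaked_ok` count is the number to carry into incident handling: each 200 returned to a flagged client is an image that should be assumed disclosed, which drives the credential-rotation step that follows.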
Security Insight
CVE-2026-4503 is another example of the recurring IDOR pattern in AI and low-code platforms, where rapid development prioritizes user convenience over authorization checks. While the impact here is limited to image viewing (not code execution), attackers increasingly weaponize read-only data leaks to fuel social engineering campaigns and extortion. Organizations should treat IDOR vulnerabilities in collaboration tools as high-risk and prioritize their remediation alongside more dramatic RCE flaws.