CVE Catalog

CVE-2026-10564

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

IBM Langflow OSS versions 1.0.0 through 1.9.6 contain a Server-Side Request Forgery (SSRF) vulnerability. The RSSReaderComponent and SearXNG components make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3.

Risk Assessment

An authenticated attacker can exploit this to access internal resources, including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows.

Recommendation

Immediately upgrade IBM Langflow OSS to version 1.9.7 or later, which includes a fix for the SSRF vulnerability. Additionally, restrict access to the RSSReaderComponent and SearXNG components and monitor network traffic for suspicious HTTP requests.

Original NVD description (English source)

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS