CVE-2026-6600
Received Received - Intake
Cross-Site Scripting in Langflow React Frontend Component

Publication date: 2026-04-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-20
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6600
EUVD
EUVD-2026-23764
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
langflow-ai langflow to 1.8.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw found in the langflow-ai langflow software up to version 1.8.3, specifically in a frontend React component related to message editing. It allows an attacker to perform cross-site scripting (XSS) by manipulating an unknown function in the specified file. The attack can be launched remotely, and an exploit for this vulnerability has already been published.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of vulnerable versions of langflow up to 1.7.3 and upgrading to a fixed version where proper sanitization is implemented.

As a temporary workaround, restrict access to the Langflow frontend to trusted users only, since the exploit requires authenticated user interaction.

Additionally, monitor and sanitize any user-generated content before rendering, or disable raw HTML rendering features such as the rehype-raw plugin until a patch is applied.

Impact Analysis

The vulnerability can lead to cross-site scripting attacks, which may allow an attacker to execute malicious scripts in the context of a user's browser. This can result in unauthorized actions, data theft, or session hijacking. Since the attack can be launched remotely and an exploit is publicly available, users of the affected software are at risk if they interact with the vulnerable component.

Compliance Impact

The vulnerability is a stored cross-site scripting (XSS) issue that allows attackers to inject malicious scripts which can lead to session hijacking and unauthorized actions on behalf of victims.

Such security weaknesses can impact compliance with common standards and regulations like GDPR and HIPAA because they may lead to unauthorized access to sensitive user data or system functions, violating data protection and privacy requirements.

Specifically, session hijacking and unauthorized API calls could result in exposure or manipulation of personal or protected health information, which is against the mandates of these regulations.

Therefore, failure to remediate this vulnerability could result in non-compliance with these standards due to inadequate protection of user data and insufficient security controls.

Detection Guidance

This vulnerability can be detected by attempting to inject a stored cross-site scripting (XSS) payload into the Langflow frontend, specifically in chat messages or flow descriptions, and observing if the payload executes when viewed.

One method is to manually log into Langflow, send a chat message, then edit the message to include a payload such as <img src=x onerror=alert('attacked!')>. If an alert box appears upon saving or reopening the flow, the vulnerability is present.

Alternatively, automated API exploitation can be performed by sending a request to create a flow with a malicious description containing the XSS payload. For example, using a Python script like `python3 llm-enhance/cve-finding/Injection/rehype_raw_xss_poc.py` can help test for the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6600. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart