CVE-2026-10546
Status: Received - Intake

SSRF via TOCTOU Race Condition in IBM Langflow OSS

Vulnerability report for CVE-2026-10546, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: IBM Corporation

Description

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component (src/lfx/src/lfx/components/data_source/url.py) due to a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding.

CVSS Scores

Base score: 7.1 (High); confidentiality impact High, integrity impact Low, availability impact None (as stated in the executive summary below).

EPSS Scores

Probability: N/A (not yet evaluated)
Percentile: N/A (not yet evaluated)

Meta Information

Published
2026-06-30
Last Modified
2026-06-30
Generated
2026-07-01
AI Q&A
2026-06-30
EPSS Evaluated
N/A
External references: NVD, EUVD

Affected Vendors & Products

Showing 2 associated CPEs

Vendor   Product        Version / Range
ibm      langflow_oss   1.0.0 (inclusive) to 1.9.3 (inclusive)
ibm      langflow       1.0.0 (inclusive) to 1.9.3 (inclusive)

Helpful Resources

Exploitability

CWE
KEV
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Executive Summary

CVE-2026-10546 is a Server-Side Request Forgery (SSRF) vulnerability found in IBM Langflow OSS versions 1.0.0 through 1.9.3, specifically in the URL component. It is caused by a Time-of-Check/Time-of-Use (TOCTOU) race condition that can be exploited via DNS rebinding.

The vulnerability occurs because the URL component validates URLs using the function validate_url_for_ssrf(), but then fetches them using RecursiveUrlLoader, which performs its own independent DNS resolution. Between those two lookups there is a timing window: a hostname that resolved to an allowed address at the time of the check can resolve to a different, internal address at the time of the fetch, so the server sends a request to a destination the check never approved.

A similar issue was fixed in another part of the software (api_request.py) by using validate_and_resolve_url() and SSRFProtectedTransport, but this fix was not applied to the URL component, leaving it vulnerable.
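The check-then-fetch shape described above, set beside the resolve-once-and-pin shape that closes the window, as an added illustration in Python. This is not Langflow's code: validate_url_for_ssrf(), RecursiveUrlLoader, validate_and_resolve_url() and SSRFProtectedTransport named in this advisory are the project's own, and none of them is reproduced here. Every function below is hypothetical, the hostname example.test is constructed, the resolver is injected so the code runs offline, and changing_answers is a constructed test double that models a DNS record whose answer differs between the first lookup and the next (a real resolver would wrap socket.getaddrinfo).

```python
"""Check-then-fetch TOCTOU versus resolve-once-and-pin.

Added illustration, not Langflow's code. All names are hypothetical and the
resolver is injected so the demonstration runs without any network access.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]  # hostname -> list of IP address strings


def changing_answers(first: str, then: str) -> Resolver:
    """Constructed test double: the first lookup returns `first`, every later
    lookup returns `then`. Models a record whose answer changes between the
    check and the use (short TTL, rebinding) without touching real DNS."""
    pending = [first]

    def resolve(hostname: str) -> List[str]:
        return [pending.pop(0)] if pending else [then]

    return resolve


def is_disallowed(ip_text: str) -> bool:
    """True for loopback, link-local (cloud metadata endpoints live there),
    private, multicast, reserved and unspecified addresses, IPv4 and IPv6."""
    ip = ipaddress.ip_address(ip_text)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _split(url: str) -> Tuple[str, str, int]:
    """Accept only http(s) URLs with a host; return (scheme, hostname, port)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a host are accepted")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.scheme, parts.hostname, port


def validate_then_fetch(url: str, resolver: Resolver) -> str:
    """Vulnerable shape (the one the advisory describes): the check resolves the
    name, then the fetch layer resolves it again on its own. Returns the address
    the fetch layer would actually connect to."""
    _, hostname, _ = _split(url)
    for ip in resolver(hostname):          # time of check
        if is_disallowed(ip):
            raise ValueError(f"blocked address {ip}")
    return resolver(hostname)[0]           # time of use: an independent lookup


@dataclass(frozen=True)
class PinnedTarget:
    scheme: str
    host_header: str   # original name: sent as Host and used for TLS SNI
    connect_ip: str    # the validated address; the socket opens here, no re-lookup
    port: int


def resolve_and_pin(url: str, resolver: Resolver) -> PinnedTarget:
    """Hardened shape: resolve exactly once, reject if ANY answer is internal,
    and hand the transport the validated IP so no second lookup can occur."""
    scheme, hostname, port = _split(url)
    answers = resolver(hostname)
    if not answers:
        raise ValueError(f"{hostname} did not resolve")
    for ip in answers:
        if is_disallowed(ip):
            raise ValueError(f"blocked address {ip}")
    return PinnedTarget(scheme, hostname, answers[0], port)


def fetch_pinned(target: PinnedTarget) -> str:
    """Stand-in for a transport that connects to target.connect_ip and sends
    Host: target.host_header. Returns the address it would connect to."""
    return target.connect_ip


def is_blocked(url: str, resolver: Resolver) -> bool:
    """Does the hardened path refuse this URL?"""
    try:
        resolve_and_pin(url, resolver)
        return False
    except ValueError:
        return True


def demo() -> Tuple[str, str]:
    """Same changing record through both shapes: the first ends up at the
    loopback address the second lookup produced; the second keeps the
    address that was actually validated."""
    url = "http://example.test/"   # constructed hostname
    flipping = validate_then_fetch(url, changing_answers("1.2.3.4", "127.0.0.1"))
    pinned = fetch_pinned(resolve_and_pin(url, changing_answers("1.2.3.4", "127.0.0.1")))
    return flipping, pinned


if __name__ == "__main__":
    print(demo())   # ('127.0.0.1', '1.2.3.4')
```

Two caveats a pinning transport has to honour in practice: every redirect hop is a new URL and must go through resolve_and_pin again rather than being followed by the HTTP client's default logic, and the pinned IP must be used only for the socket while the original hostname stays in the Host header and TLS SNI, otherwise virtual-hosted sites and certificate validation break.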

Impact Analysis

This SSRF vulnerability can allow an attacker to make the vulnerable server send unauthorized requests to internal or external systems. Because the vulnerability involves a TOCTOU race condition exploitable via DNS rebinding, an attacker could potentially access or manipulate internal resources that are not normally accessible.

The CVSS base score of 7.1 indicates a high severity, with impacts including high confidentiality impact, low integrity impact, and no availability impact. This means sensitive data could be exposed or leaked, but the attacker is less likely to modify data or disrupt service.

IBM recommends upgrading to Langflow OSS version 1.10.0 to fix this issue, as no workarounds or mitigations are currently available.

Mitigation Strategies

IBM strongly recommends upgrading to Langflow OSS version 1.10.0 to address this issue.

No workarounds or mitigations are currently available.

Compliance Impact

The provided information does not specify how the SSRF vulnerability in IBM Langflow OSS affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

There are no specific detection commands or methods provided for identifying this SSRF vulnerability (CVE-2026-10546) on your network or system.

IBM strongly recommends upgrading Langflow OSS to version 1.10.0 to address this issue, as no workarounds or mitigations are currently available.
