CVE-2026-3341
Analyzed Analyzed - Analysis Complete

SSRF Vulnerability in IBM Langflow Desktop

Vulnerability report for CVE-2026-3341, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-16

Assigner: IBM Corporation

Description

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-16
Generated
2026-07-01
AI Q&A
2026-06-11
EPSS Evaluated
2026-06-30
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
langflow langflow_desktop From 1.0.0 (inc) to 1.9.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-3341 is a vulnerability in IBM Langflow Desktop versions 1.0.0 through 1.9.2 that allows authenticated attackers to bypass server-side request forgery (SSRF) protections using DNS rebinding attacks.

The issue stems from a Time-of-Check to Time-of-Use (TOCTOU) flaw in the function that validates URLs for SSRF protection. This function checks URLs using one DNS lookup method, while the actual connection uses a different DNS lookup, creating a race condition.

An attacker can exploit this race condition by manipulating DNS responses so that the URL initially appears to point to a public IP address during validation but later resolves to a private IP address (such as localhost or internal network addresses) when the request is made.

This allows unauthorized requests to internal services, localhost, or cloud metadata endpoints, bypassing intended SSRF protections.

Although IBM Langflow Desktop includes some DNS pinning protections, these are inconsistently applied, making the SSRF protection bypassable in default configurations.

Impact Analysis

This vulnerability can allow an authenticated attacker to send unauthorized requests from the affected system to internal network services or localhost.

Such unauthorized requests can lead to network enumeration, exposing internal network structure and services.

It may also facilitate other attacks by accessing sensitive internal resources or cloud metadata endpoints that should not be accessible externally.

Overall, this can compromise the confidentiality and integrity of internal systems and data.

Mitigation Strategies

To mitigate this vulnerability, IBM recommends upgrading IBM Langflow Desktop to version 1.9.3, as no workarounds are available.

Compliance Impact

The vulnerability in IBM Langflow Desktop allows authenticated attackers to bypass SSRF protections and potentially access internal services or sensitive metadata endpoints. This unauthorized access risk could lead to exposure or unauthorized processing of sensitive data.

Such exposure or unauthorized access may impact compliance with data protection regulations like GDPR or HIPAA, which require strict controls on data confidentiality and integrity. However, the provided information does not explicitly state the direct effects on compliance with these standards.

Detection Guidance

This vulnerability involves a server-side request forgery (SSRF) in IBM Langflow Desktop versions 1.0.0 through 1.9.2, which can be exploited by an authenticated attacker using DNS rebinding attacks. Detection would involve monitoring for unusual or unauthorized outbound requests from the IBM Langflow Desktop application, especially requests to internal IP addresses such as 127.0.0.1, 192.168.x.x, or 169.254.169.254 that should not normally be accessed.

Since the vulnerability exploits a race condition in DNS resolution, network detection could focus on identifying DNS rebinding attempts or unexpected DNS responses related to the application.

However, the provided resources do not include specific detection commands or scripts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3341. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart