CVE-2026-9103
Received Received - Intake

Unauthenticated Superuser Access in IBM Langflow OSS

Vulnerability report for CVE-2026-9103, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: IBM Corporation

Description

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/auto_login endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTO_LOGIN configuration is enabled (enabled by default), which may allow an unauthenticated network attacker to obtain full administrative access. Additionally, permissive cross-origin resource sharing (CORS) settings may allow tokens to be exposed to unintended origins, increasing the risk of unauthorized access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ibm langflow_oss From 1.0.0 (inc) to 1.10.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability allows unauthenticated remote attackers to gain full administrative access to IBM Langflow OSS versions 1.0.0 through 1.10.0. It occurs because the /api/v1/login/auto_login endpoint issues long-lived superuser tokens without requiring authentication when the AUTO_LOGIN setting is enabled by default. Additionally, permissive CORS settings may expose these tokens to unintended origins.

Detection Guidance

Check if the /api/v1/login/auto_login endpoint is accessible without authentication and if AUTO_LOGIN is enabled in Langflow OSS versions 1.0.0 to 1.10.0. Use curl to test the endpoint: curl -v http://<target>/api/v1/login/auto_login. Verify CORS settings for wildcard origins in server responses.

Impact Analysis

An attacker could exploit this to gain full control over the Langflow OSS instance, including accessing sensitive data, modifying configurations, or executing arbitrary commands. The permissive CORS settings could also allow token theft via malicious websites, enabling unauthorized access without direct network access.

Compliance Impact

This vulnerability could lead to unauthorized access and data breaches, violating confidentiality requirements in GDPR and HIPAA. Full administrative access may result in unauthorized data exposure, modification, or deletion, triggering compliance violations and potential legal penalties.

Mitigation Strategies

Upgrade Langflow OSS to version 1.10.1 or later immediately. Disable the AUTO_LOGIN configuration if upgrading is not possible. Review and restrict CORS settings to avoid wildcard origins. Monitor for unauthorized access or unusual activity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9103. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart