AI Threat Alert AI Threat Alert

CVE-2026-3340

MEDIUM
Published April 30, 2026

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...

Full CISO analysis pending enrichment.

Severity & Risk

CVSS 3.1
6.5 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Attack Surface

AV AC PR UI S C I A
AV Network
AC Low
PR None
UI None
S Unchanged
C Low
I Low
A None

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-3340?

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Is CVE-2026-3340 actively exploited?

No confirmed active exploitation of CVE-2026-3340 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-3340?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-3340?

CVE-2026-3340 has a CVSS v3.1 base score of 6.5 (MEDIUM).

Technical Details

NVD Description

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Weaknesses (CWE)

CWE-918 Primary

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

Timeline

Published
April 30, 2026
Last Modified
April 30, 2026
First Seen
April 30, 2026
Back to Threat Feed