AI Threat Alert
CVE-2026-3346
MEDIUMIBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Full CISO analysis pending enrichment.
Severity & Risk
Attack Surface
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Frequently Asked Questions
What is CVE-2026-3346?
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Is CVE-2026-3346 actively exploited?
No confirmed active exploitation of CVE-2026-3346 has been reported, but organizations should still patch proactively.
How to fix CVE-2026-3346?
No patch is currently available. Monitor vendor advisories for updates.
What is the CVSS score for CVE-2026-3346?
CVE-2026-3346 has a CVSS v3.1 base score of 6.4 (MEDIUM).
Technical Details
NVD Description
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N