CVE-2026-10129: CWE-918 Server-Side Request Forgery (SSRF) in IBM Langflow OSS
IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data.
AI Analysis
Technical Summary
CVE-2026-10129 is an SSRF protection bypass vulnerability in IBM Langflow OSS (versions 1.0.0 through 1.9.3). The issue arises because the application validates only the initial URL in the API Request component but does not re-validate the destinations of HTTP redirects when the follow_redirects parameter is enabled. An authenticated attacker with the flow author role can supply a public URL that redirects to internal or localhost addresses, thereby accessing internal HTTP services, cloud metadata endpoints, and private network resources that should be protected. This can lead to disclosure of sensitive information such as credentials, tokens, internal API responses, and administrative panel data.
Potential Impact
Successful exploitation allows an attacker with low-level authenticated access to bypass SSRF protections and reach internal network resources that are normally inaccessible. This can result in disclosure of sensitive information including credentials, tokens, internal API data, and administrative panel information. The confidentiality impact is high, integrity impact is low, and availability is not affected.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Patch status is not yet confirmed — check IBM's vendor advisory for current remediation guidance. Until a fix is released, restrict or monitor the use of the follow_redirects parameter in the API Request component and limit flow author role privileges where possible to reduce risk.
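The flaw described above (check the URL once, then let the client follow redirects) next to a fetch that re-validates every hop, as an added illustration written for this page and not Langflow's own code. The client interface (get(url, follow_redirects=...) returning .status and .headers), the DNS resolver and the redirect routes are constructed stand-ins so the example runs offline.

```python
import ipaddress
import socket
from types import SimpleNamespace
from urllib.parse import urljoin, urlparse
# Ranges a server-side fetch must never reach (loopback, RFC 1918, link-local incl. cloud metadata, IPv6 equivalents).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

def is_safe_url(url, resolver=socket.getaddrinfo):
    """True only for http(s) URLs whose host resolves entirely outside BLOCKED_NETWORKS."""
    p = urlparse(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return False
    try:
        infos = resolver(p.hostname, p.port or (443 if p.scheme == "https" else 80))
        addrs = {ipaddress.ip_address(i[4][0]) for i in infos}
    except (OSError, ValueError):  # DNS failure or unparsable address: fail closed
        return False
    return bool(addrs) and not any(a in n for a in addrs for n in BLOCKED_NETWORKS)

def fetch_vulnerable(url, client, resolver=socket.getaddrinfo):
    """Pattern the advisory describes: only the first URL is checked, then redirects are followed blindly."""
    if not is_safe_url(url, resolver):
        raise PermissionError("blocked: " + url)
    return client.get(url, follow_redirects=True)

def fetch_hardened(url, client, resolver=socket.getaddrinfo, max_redirects=5):
    """Follow redirects by hand so every hop passes through the same SSRF guard."""
    for _ in range(max_redirects + 1):
        if not is_safe_url(url, resolver):
            raise PermissionError("blocked: " + url)
        resp = client.get(url, follow_redirects=False)
        if resp.status not in (301, 302, 303, 307, 308) or "Location" not in resp.headers:
            return resp
        url = urljoin(url, resp.headers["Location"])  # also resolves relative Location values
    raise PermissionError("too many redirects: " + url)

# Constructed offline stand-ins: a public host that 302s to a localhost endpoint, and a DNS table for it.
ROUTES = {"http://redirector.example/go": SimpleNamespace(status=302, headers={"Location": "http://127.0.0.1:8080/admin"}, body=""),
          "http://127.0.0.1:8080/admin": SimpleNamespace(status=200, headers={}, body="internal admin panel")}
class FakeClient:
    def get(self, url, follow_redirects):
        resp = ROUTES[url]
        while follow_redirects and resp.status == 302:  # what a client's follow_redirects=True does
            resp = ROUTES[resp.headers["Location"]]
        return resp

def fake_resolver(host, port):  # constructed DNS: the public host maps to a routable TEST-NET address
    return [(None, None, None, None, ({"redirector.example": "203.0.113.10"}.get(host, host), port))]
```

Validating the resolved address separately from the connection still leaves a DNS rebinding window; a production guard should also pin the validated IP for the actual socket connection.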
CVSS v3.1
Score: 8.5 (High)
Affected software
- pkg:github/ibm/langflow_oss
- cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
Weaknesses
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2026-05-29T18:24:56.422Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a44256027e9c797195589a8
Added to database: 06/30/2026, 20:21:52 UTC
Last enriched: 06/30/2026, 20:38:06 UTC
Last updated: 06/30/2026, 23:41:36 UTC