CVE-2026-10129 in Langflow OSS
Summary
by MITRE • 06/30/2026
IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/01/2026
The vulnerability under discussion represents a critical server-side request forgery protection bypass in IBM Langflow Open Source Software version 1.0.0 through 1.9.3. This security flaw exists within the API Request component where the application fails to properly validate redirect destinations after initial URL validation. The issue manifests when an authenticated attacker with minimal privileges, specifically a flow author role, manipulates the follow_redirects parameter alongside a public URL that subsequently redirects to internal or localhost addresses. This bypass mechanism directly contravenes standard security practices for preventing unauthorized access to internal network resources and demonstrates a fundamental flaw in the application's request handling logic.
The technical implementation of this vulnerability stems from inadequate input validation procedures within the API Request component. When an attacker supplies a public URL with the follow_redirects parameter enabled, the system performs initial validation only on the original external URL while failing to re-evaluate or validate the final destination of any redirect chain. This represents a classic security control bypass where the application's trust boundary is violated through improper handling of HTTP redirects. The vulnerability maps directly to CWE-918 which defines Server-Side Request Forgery as a condition where an attacker can manipulate a server into making requests to arbitrary destinations. This weakness creates an attack surface that enables unauthorized access to internal systems, localhost endpoints, and cloud metadata services that should remain protected from external access.
The operational impact of this vulnerability extends beyond simple information disclosure to encompass potential privilege escalation and comprehensive internal network reconnaissance. Attackers leveraging this flaw can access sensitive internal HTTP services, extract credentials and authentication tokens from internal APIs, obtain administrative panel data, and gather detailed information about internal system configurations. The security implications are particularly severe because the vulnerability requires only low-level privileges to exploit, making it accessible to users who normally should not have access to internal network resources. This breach of privilege isolation represents a significant threat to organizational security posture as it allows attackers to move laterally within networks and potentially gain access to critical infrastructure components that should remain isolated from public exposure.
Organizations utilizing IBM Langflow OSS in affected versions face substantial risk mitigation requirements when addressing this vulnerability. The recommended approach involves implementing comprehensive redirect validation mechanisms that re-evaluate all destinations within redirect chains, regardless of their initial validation status. Security controls should be enhanced to include network-level restrictions preventing access to localhost and internal IP ranges from external-facing applications, as well as implementing proper URL sanitization and validation procedures that align with OWASP secure coding practices. Additionally, organizations should consider implementing network segmentation strategies and access control measures that limit the potential impact of such vulnerabilities by reducing the attack surface available to authenticated users. The vulnerability demonstrates the importance of maintaining consistent security validation throughout the entire request lifecycle, particularly when dealing with dynamic redirect mechanisms that can be manipulated to bypass initial security controls.