CVE-2026-10140
Summary
by MITRE • 06/30/2026
IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.
Analysis
by VulDB Data Team • 06/30/2026
This vulnerability exists within IBM Langflow Open Source Software version 1.0.0 through 1.10.0 where the application fails to properly manage shared state in voice mode operations. The improper shared-state handling creates a critical security flaw that allows API client reuse across tenant boundaries, effectively breaking the isolation between different user accounts. The vulnerability stems from inadequate session management and state synchronization mechanisms that should prevent cross-tenant resource access.
The flaw manifests when multiple tenants use the same voice processing functionality within the application. Because API clients are cached or reused without tenant-specific context separation, an authenticated attacker can manipulate the cache state so that requests from one tenant are processed with another tenant's upstream API credentials. This occurs because the system does not validate or enforce tenant boundaries during client initialization and reuse. The flaw operates at the application layer and specifically affects the voice mode functionality, where API client instances are shared across concurrent user sessions.
The operational impact of this vulnerability extends beyond simple privilege escalation to include significant financial and accountability risks. Cross-tenant billing occurs when requests from one tenant are processed using another tenant's API credentials, resulting in incorrect charge attribution and potentially unauthorized usage of premium services. The misattribution of accountability means that service providers cannot accurately track resource consumption or bill individual tenants correctly. This vulnerability directly violates the principle of least privilege and proper access control enforcement. From a cybersecurity perspective, this represents a serious compromise of multi-tenancy security models and can lead to revenue loss, customer trust degradation, and potential regulatory compliance violations.
Organizations should implement immediate mitigations, including isolating tenant context during API client initialization, enforcing strict cache invalidation between tenants, and ensuring that all shared resources maintain proper state boundaries. The vulnerability aligns with CWE-284 (Improper Access Control) and CWE-353 (Missing Support for Weak Cryptographic Algorithms) classifications, as it represents improper access control through shared state management. From an ATT&CK framework perspective, this vulnerability maps to T1078 (Valid Accounts) and T1566 (Phishing), as attackers may use legitimate credentials to gain unauthorized access to other tenants' resources. Additional mitigations include tenant-specific API client pools, comprehensive logging and monitoring of cross-tenant resource access patterns, and regular security audits of shared state management components.
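To make the shared-state flaw described in the analysis and the mitigations above concrete, here is a constructed Python model added by the editor; it is not Langflow code, and UpstreamClient, get_client_vulnerable, get_client_hardened, misattributed and the tenant ids and keys are hypothetical. The vulnerable getter caches one process-wide client and ignores the tenant, so a second tenant's voice request is billed to the first tenant's key; the hardened getter keys the cache by tenant, rebuilds the client whenever that tenant's credential changes, and misattributed() is the audit check that flags requests billed to a foreign key.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class UpstreamClient:
    """Constructed stand-in for an upstream voice API client bound to one key."""
    api_key: str

    def transcribe(self, audio: bytes) -> str:
        # Whatever key this client holds is the key the upstream provider bills.
        return self.api_key


# --- Vulnerable pattern: one process-wide client, tenant_id is ignored --------
_shared_client: Optional[UpstreamClient] = None


def get_client_vulnerable(tenant_id: str, api_key: str) -> UpstreamClient:
    """First caller's credentials are baked in; every later tenant reuses them."""
    global _shared_client
    if _shared_client is None:
        _shared_client = UpstreamClient(api_key)
    return _shared_client


# --- Hardened pattern: cache keyed by tenant, invalidated on credential change -
_clients_by_tenant: Dict[str, UpstreamClient] = {}


def get_client_hardened(tenant_id: str, api_key: str) -> UpstreamClient:
    """One client per tenant; a rotated key discards the stale cached client."""
    client = _clients_by_tenant.get(tenant_id)
    if client is None or client.api_key != api_key:  # miss or rotated credential
        client = UpstreamClient(api_key)
        _clients_by_tenant[tenant_id] = client
    return client


Request = Tuple[str, str]  # (tenant_id, that tenant's own upstream api_key)


def simulate(get_client: Callable[[str, str], UpstreamClient],
             requests: List[Request]) -> List[str]:
    """Serve voice requests in order; return the key each one was billed to."""
    return [get_client(t, k).transcribe(b"\x00" * 16) for t, k in requests]


def misattributed(requests: List[Request], billed: List[str]) -> List[str]:
    """Audit check: tenants whose request was billed to someone else's key."""
    return [t for (t, k), b in zip(requests, billed) if b != k]
```

With requests from tenant-a, tenant-b and tenant-a again, the vulnerable getter bills all three to key-a and the audit flags tenant-b, while the hardened getter bills each tenant to its own key.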