A critical flaw in IBM Langflow OSS voice mode lets an authenticated attacker manipulate shared cache state so other users' requests run against the wrong upstream API credentials.
What Is It
CVE-2026-10140 is an improper shared-state handling vulnerability (CWE-639, Authorization Bypass Through User-Controlled Key) in the voice mode of IBM Langflow OSS. Voice mode keeps upstream API clients in state shared across users and reuses them across tenant boundaries, and the key that selects a cached client can be influenced by the caller (the CWE-639 pattern). An authenticated attacker can therefore manipulate the cache so that requests from other users are processed with the wrong upstream API credentials, resulting in cross-tenant billing and accountability misattribution.
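The following is an added, hypothetical illustration of the bug class the advisory names, not Langflow's code: a process-wide pool of upstream API clients that is keyed by a request-controlled field (vulnerable) beside the same pool keyed by the server-asserted identity (hardened). All names (`Principal`, `UpstreamClient`, the `session` field, the `sk-*` keys) are invented for the example, and the "upstream call" just reports which key would be charged so the two variants can be compared offline.

```python
"""Hypothetical CWE-639 cache-keying example (not Langflow's implementation).

A pool of upstream API clients is shared between users of one process. In the
vulnerable variant the pool slot is chosen by a request field, so whoever
primes a slot decides whose credential every later caller of that slot uses.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """Authenticated caller as established by the server, not by request data."""
    user_id: str
    api_key: str  # upstream provider credential this user is billed under


class UpstreamClient:
    """Stand-in for a provider SDK client bound to one API key (invented)."""

    def __init__(self, api_key: str) -> None:
        self.api_key = api_key

    def call(self, prompt: str) -> str:
        # A real client would contact the provider; here we only report which
        # credential the request would be charged to.
        return f"billed_to={self.api_key}"


# ---- vulnerable: shared pool keyed by a request-controlled value ----
_vulnerable_pool: dict[str, UpstreamClient] = {}


def get_client_vulnerable(principal: Principal, request: dict) -> UpstreamClient:
    # BUG: the slot is selected by the request body (a "session" field with a
    # shared default) and the principal's credential is consulted only on a
    # miss. A later caller who lands on the same slot inherits the first
    # caller's client, and with it the first caller's API key.
    key = request.get("session", "default")
    client = _vulnerable_pool.get(key)
    if client is None:
        client = UpstreamClient(principal.api_key)
        _vulnerable_pool[key] = client
    return client


# ---- hardened: slot chosen by authenticated identity, credential re-checked ----
_hardened_pool: dict[str, UpstreamClient] = {}


def get_client_hardened(principal: Principal, request: dict) -> UpstreamClient:
    # Request data never selects the slot. On a hit, confirm the cached client
    # still carries this user's current key (covers rotation) and rebuild if not.
    client = _hardened_pool.get(principal.user_id)
    if client is None or client.api_key != principal.api_key:
        client = UpstreamClient(principal.api_key)
        _hardened_pool[principal.user_id] = client
    return client


def cross_tenant_scenario(get_client) -> tuple[str, str]:
    """Constructed scenario: Alice makes an ordinary request first, then Bob
    sends one whose (absent) session field collides with hers.
    Returns (key Alice was billed under, key Bob was billed under)."""
    alice = Principal("alice", "sk-alice")
    bob = Principal("bob", "sk-bob")
    alice_billed = get_client(alice, {}).call("summarise my notes")
    bob_billed = get_client(bob, {}).call("generate a long transcript")
    return alice_billed, bob_billed


if __name__ == "__main__":
    print("vulnerable:", cross_tenant_scenario(get_client_vulnerable))
    print("hardened:  ", cross_tenant_scenario(get_client_hardened))
```

With the vulnerable pool Bob's request is charged to Alice's key; with the hardened pool each user is charged under their own key, and a user's cached client is still reused across calls, so the fix does not give up the pooling that motivated the cache.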
Why It Matters
The vulnerability carries a CVSS 3.1 base score of 9.6 (CRITICAL), vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. It is network-exploitable with low attack complexity, requires only low privileges, and needs no user interaction. The scope is Changed, with High impact to both confidentiality and integrity. Because requests can be attributed to and billed against the wrong tenant, the flaw undermines both financial accountability and trust boundaries between users of a shared Langflow deployment.
There is no CISA KEV entry for this CVE at the time of writing, so there is no confirmation of active exploitation in the KEV catalog.
What's Vulnerable
- Vendor: IBM
- Product: Langflow OSS
- Affected versions: 1.0.0 through 1.10.0 (semver range, all versions in that span marked affected)
The condition is specific to the product's voice mode feature.
Patch Status
IBM PSIRT published the advisory on 2026-06-30. Refer to the IBM support advisory below for the vendor's remediation guidance and fixed-version information; the affected range given here ends at 1.10.0, so confirm the fixed release against the advisory rather than assuming the next release resolves it. Organizations running affected Langflow OSS releases (1.0.0–1.10.0) should apply the vendor's recommended remediation. Because exploitation requires an authenticated account, restricting who can log in to a shared deployment reduces exposure but does not remove the flaw.
Sources
- IBM Security Advisory; https://www.ibm.com/support/pages/node/7278209
- NVD, CVE-2026-10140, https://nvd.nist.gov/vuln/detail/CVE-2026-10140