A critical authentication-bypass flaw in IBM Langflow OSS lets unauthenticated network attackers obtain full administrative access via the auto-login endpoint, which is exposed by default.
What Is It
CVE-2026-9103 is a critical (CVSS 3.1 base score 9.8) improper authentication vulnerability (CWE-306) in IBM Langflow OSS. The /api/v1/login/auto_login endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTO_LOGIN configuration is enabled, and it is enabled by default. As a result, a remote, unauthenticated attacker on the network can obtain full administrative access. The vulnerability is compounded by permissive cross-origin resource sharing (CORS) settings, which may expose these tokens to unintended origins and further increase the risk of unauthorized access.
Why It Matters
The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects the worst-case profile: network-reachable, low complexity, no privileges, and no user interaction required, with high impact to confidentiality, integrity, and availability. Because the vulnerable configuration is on by default, exposed instances grant superuser-level control to anyone who can reach the endpoint; no credentials needed. This gives attackers complete administrative takeover of affected Langflow deployments.
What's Vulnerable
IBM Langflow OSS versions 1.0.0 through 1.10.0 are affected, per IBM's advisory and the NVD record. The flaw is present wherever the default AUTO_LOGIN configuration remains enabled.
Patch Status
Refer to IBM's official advisory (IBM support node 7278926) for remediation guidance and fixed versions. The supplied source material does not include a CISA KEV entry for this CVE, so there is no confirmation of active exploitation in the data provided.
Sources
- IBM Security Advisory; https://www.ibm.com/support/pages/node/7278926
- NVD, CVE-2026-9103, https://nvd.nist.gov/vuln/detail/CVE-2026-9103