Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.1%
CVSS Severity
CVSS v3 Score 9.6
Products affected by CVE-2026-10140


Contact Us

Shodan ® - All rights reserved