Security Bulletin: Langflow OSS Unauthenticated IDOR on Image Downloads — CVE-2026-4503

IBM · CVE-2026-4503

ID
CVE-2026-4503

Date
2026-06-12

Activity
2026-06-12

Source
IBM

Threat
high

Summary

CVE-2026-4503 is a advisory from IBM. Security Bulletin: Langflow OSS Unauthenticated IDOR on Image Downloads Severity/Threat: high.

Product

Langflow OSS

What to do

General, cautious steps (verify details in the official source):

Prioritize patching or mitigation immediately (treat as actively risky).
Identify affected product versions in your inventory and verify whether you are impacted.
Apply vendor patches/updates or recommended mitigations as soon as available.
Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

2026-06-15 CVE-2026-9319

criticalIBM 2026-W25

Security Bulletin: Security vulnerability has been identified in dojo library shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2018-1000665)

2026-06-15 CVE-2018-1000665

mediumIBM 2026-W25

Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

2026-06-15 CVE-2026-9330

criticalIBM 2026-W25

CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities

2026-06-13 CVE-2026-0249

mediumPalo Alto Networks Palo Alto 2026-W24

CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway

2026-06-13 CVE-2026-0250

mediumPalo Alto Networks Palo Alto 2026-W24

File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection

2026-06-13 CVE-2026-54090

highGitHub GitHub 2026-W24