CVE-2026-10140

CRITICAL

Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

Title source: cna
STIX 2.1

Description

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7278209

Scores

CVSS v3 9.6
EPSS 0.0020
EPSS Percentile 10.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-639
Status published
Products (2)
IBM/Langflow OSS 1.0.0 - 1.10.0
langflow/langflow 1.0.0 - 1.10.0
Published Jun 30, 2026
Tracked Since Jul 01, 2026