{"id":"CVE-2026-6542","details":"IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.","modified":"2026-07-15T06:01:29.659452Z","published":"2026-04-30T22:16:26.340Z","references":[{"type":"ADVISORY","url":"https://www.ibm.com/support/pages/node/7270886"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/langflow-ai/langflow","events":[{"introduced":"24d9e86885b877ea3e9d03cbc50b963765489721"},{"fixed":"a47f2ad17eb662e940c550cfccb64a87dddd7e0b"}],"database_specific":{"cpe":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.0.0"},{"fixed":"1.9.0"}],"source":"CPE_RANGE"}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6542.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}