CVE-2026-10140 PUBLISHED

Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

Assigner: ibm
Reserved: 29.05.2026
Published: 30.06.2026
Updated: 01.07.2026

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSS Score: 9.6

Product Status

Vendor: IBM
Product: Langflow OSS
Versions:
  • affected from 1.0.0 to 1.10.0 (incl.)

Solutions

IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1 (https://pypi.org/project/langflow/).

References

Problem Types

  • CWE-639 Authorization Bypass Through User-Controlled Key