Ghostwire
Home / Vulnerabilities / CVE-2026-3340

CVE-2026-3340: IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may...

MEDIUM CVSS 5.5

Published: April 30, 2026 | Last Modified: April 30, 2026

Description

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (15 articles)

Tenable CVEs
CVE-2026-3340
 Tenable CVEs
CVE-2026-33405
 CVE Feed
CVE-2026-33405 - Pi-hole has a Stored HTML Injection in queries.js
 Tenable CVEs
CVE-2026-33406
 Tenable CVEs
CVE-2026-33404
 Tenable CVEs
CVE-2026-33403
 Tenable CVEs
CVE-2026-33402
 Tenable CVEs
CVE-2026-33409
 Tenable CVEs
CVE-2026-33400
 CVE Feed
CVE-2026-33401 - Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php
 Tenable CVEs
CVE-2026-33407
 CVE Feed
CVE-2026-33407 - Wallos: SSRF via HTTP Proxy Environment Variable
 CVE Feed
CVE-2026-33400 - Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint
 Tenable CVEs
CVE-2026-33401
 CVE Feed
CVE-2026-33409 - Parse Server: Auth provider validation bypass on login via partial authData

References