Ghostwire
Home / Vulnerabilities / CVE-2026-3346

CVE-2026-3346: IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows...

MEDIUM CVSS 5.5

Published: April 30, 2026 | Last Modified: April 30, 2026

Description

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (10 articles)

Tenable CVEs
CVE-2026-3346
 Tenable CVEs
CVE-2026-33467
 CVE Feed
CVE-2026-33467 - Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass
 Tenable CVEs
CVE-2026-33466
 CVE Feed
CVE-2026-33461 - Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
 Tenable CVEs
CVE-2026-33461
 Tenable CVEs
CVE-2026-33460
 CVE Feed
CVE-2026-33466 - Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write
 Tenable CVEs
CVE-2026-33468
 Tenable CVEs
CVE-2026-33469

References