CyberRota
← Ana sayfaya dön

CVE-2026-10140

CRITICAL · CVSS 9.6

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-30T20:17:27.007 · Çekilme zamanı: 2026-07-01T06:08:33.196883+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-10140
Severity
CRITICAL
CVSS
9.6
EPSS
Yok

Orijinal NVD Açıklaması

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.