Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-meqh-b1cj-wqgd
Vulnerability ID VCID-meqh-b1cj-wqgd
Aliases CVE-2026-42048
GHSA-9whx-c884-c68q
Summary
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2026-42048
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-9whx-c884-c68q
cvssv3.1 9.6 https://github.com/langflow-ai/langflow
generic_textual CRITICAL https://github.com/langflow-ai/langflow
cvssv3.1 9.6 https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
cvssv3.1_qr CRITICAL https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
generic_textual CRITICAL https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
ssvc Track https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
cvssv3.1 9.6 https://nvd.nist.gov/vuln/detail/CVE-2026-42048
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2026-42048
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-42048
https://github.com/langflow-ai/langflow
https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
https://nvd.nist.gov/vuln/detail/CVE-2026-42048
GHSA-9whx-c884-c68q https://github.com/advisories/GHSA-9whx-c884-c68q
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H Found at https://github.com/langflow-ai/langflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H Found at https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:13:40Z/ Found at https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-42048
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.03543
EPSS Score 0.00015
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T23:09:48.102774+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0