CVE-2026-10560 Overview
CVE-2026-10560 is a missing authentication vulnerability affecting IBM Langflow OSS versions 1.0.0 through 1.9.6. The flaw resides in the /api/v1/build_public_tmp/ endpoints, which fail to enforce authentication on incoming requests. An unauthenticated remote attacker with a valid job identifier can read build event data or cancel running jobs. Successful exploitation leads to information disclosure and denial of service against Langflow build workflows. The vulnerability is categorized under [CWE-287] Improper Authentication.
Critical Impact
Unauthenticated network attackers can read sensitive build event data and terminate active jobs, disrupting Langflow orchestration pipelines.
Affected Products
- IBM Langflow OSS 1.0.0 through 1.9.6
- langflow:langflow component
- Deployments exposing /api/v1/build_public_tmp/ endpoints to untrusted networks
Discovery Timeline
- 2026-06-30 - CVE-2026-10560 published to NVD
- 2026-07-02 - Last updated in NVD database
Technical Details for CVE-2026-10560
Vulnerability Analysis
The flaw exists in the /api/v1/build_public_tmp/ route family in Langflow OSS. These endpoints handle build event streaming and job cancellation operations. The route handlers do not verify caller identity or session state before processing requests. Any client that possesses or guesses a valid job identifier can invoke the endpoints.
Two operations are exposed. The first returns build event data associated with a job identifier, disclosing intermediate outputs, execution traces, and workflow metadata. The second allows cancellation of an in-progress job, terminating the associated build. Confidentiality and availability are both affected, while integrity of stored data remains intact.
Root Cause
The root cause is missing authentication enforcement on public temporary build endpoints. The route was intended for internal build coordination but was exposed on the public API surface without an authentication decorator or middleware check. Access control depends solely on knowledge of the job identifier, which is not a sufficient secret.
Attack Vector
Exploitation requires network access to the Langflow API and a valid job identifier. Attackers can obtain identifiers through log leakage, referrer headers, brute-force enumeration, or side-channel observation. Once known, an attacker issues HTTP requests directly to the /api/v1/build_public_tmp/ endpoints without credentials. No user interaction is required. Refer to the IBM Support Page for vendor-provided technical details.
Detection Methods for CVE-2026-10560
Indicators of Compromise
- Unauthenticated HTTP requests to paths matching /api/v1/build_public_tmp/ in Langflow access logs
- Unexpected job cancellations recorded in Langflow build history without a corresponding authenticated user session
- Repeated 200 OK responses to build_public_tmp requests originating from unknown source IPs
Detection Strategies
- Inspect web server and reverse proxy logs for requests to /api/v1/build_public_tmp/ lacking session cookies or Authorization headers
- Alert on sequential access to multiple job identifiers from a single source, indicating enumeration behavior
- Correlate job cancellation events with authentication logs to identify cancellations without a preceding login
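The following script is an added example, not part of this advisory or the Langflow project, that applies the first two detection strategies above to constructed nginx access log lines. It assumes a custom log_format that appends the Authorization and Cookie headers to the combined format, and the job-id format and sub-paths in the sample lines are assumptions for illustration only.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real traffic) in an assumed nginx log_format that
# appends "$http_authorization" "$http_cookie" to the combined format. The job-id
# format and sub-paths are assumptions for illustration only.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Jun/2026:10:00:01 +0000] "GET /api/v1/build_public_tmp/11111111-1111-4111-8111-111111111111/events HTTP/1.1" 200 512 "-" "curl/8.0" "-" "-"
203.0.113.7 - - [30/Jun/2026:10:00:02 +0000] "GET /api/v1/build_public_tmp/22222222-2222-4222-8222-222222222222/events HTTP/1.1" 200 498 "-" "curl/8.0" "-" "-"
203.0.113.7 - - [30/Jun/2026:10:00:03 +0000] "POST /api/v1/build_public_tmp/33333333-3333-4333-8333-333333333333/cancel HTTP/1.1" 200 17 "-" "curl/8.0" "-" "-"
198.51.100.4 - - [30/Jun/2026:10:00:05 +0000] "GET /api/v1/build_public_tmp/44444444-4444-4444-8444-444444444444/events HTTP/1.1" 200 640 "-" "Mozilla/5.0" "Bearer <redacted>" "session=<redacted>"
192.0.2.9 - - [30/Jun/2026:10:00:06 +0000] "GET /api/v1/flows/ HTTP/1.1" 401 0 "-" "curl/8.0" "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "[^"]*" "(?P<auth>[^"]*)" "(?P<cookie>[^"]*)"$'
)
# The job identifier is the path segment after the vulnerable prefix.
TARGET_RE = re.compile(r"^/api/v1/build_public_tmp/(?P<job>[^/?]+)")

def parse_line(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def is_unauthenticated(rec):
    # nginx writes "-" when a header is absent
    return rec["auth"] in ("", "-") and rec["cookie"] in ("", "-")

def analyze(log_text, enum_threshold=3):
    """Return (unauth_hits, enumerators): 200 responses to the endpoint with no
    Authorization header or cookie (strategy 1), and {ip: distinct job ids} for
    sources touching >= enum_threshold different ids (strategy 2)."""
    unauth_hits = []
    jobs_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = TARGET_RE.match(rec["path"])
        if m is None:
            continue  # not the vulnerable route family
        job = m.group("job")
        jobs_by_ip[rec["ip"]].add(job)
        if rec["status"] == "200" and is_unauthenticated(rec):
            unauth_hits.append((rec["ip"], rec["method"], job))
    enumerators = {ip: len(j) for ip, j in jobs_by_ip.items() if len(j) >= enum_threshold}
    return unauth_hits, enumerators
```

Running `analyze(SAMPLE_LOG)` flags the three credential-less hits from 203.0.113.7 and reports that source as touching three distinct job identifiers, while the authenticated request from 198.51.100.4 is not flagged.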
Monitoring Recommendations
- Enable verbose HTTP access logging on all Langflow deployments and forward logs to a central SIEM
- Monitor job lifecycle metrics for abnormal cancellation rates or unexpected event data reads
- Track network exposure of Langflow API endpoints with periodic external attack surface scans
How to Mitigate CVE-2026-10560
Immediate Actions Required
- Upgrade Langflow OSS to a version above 1.9.6 that includes the authentication fix once published by the vendor
- Restrict network access to the Langflow API using firewall rules, VPN, or private network placement
- Place an authenticating reverse proxy in front of Langflow to enforce access control on /api/v1/build_public_tmp/ routes
Patch Information
Refer to the IBM Support Page for the official fixed version and upgrade instructions. Apply the vendor patch as soon as it becomes available in your environment.
Workarounds
- Block external access to /api/v1/build_public_tmp/ at the ingress controller or web application firewall until the patch is applied
- Rotate and shorten the lifetime of job identifiers to reduce the window during which identifiers remain valid
- Deploy Langflow behind an authenticating gateway that requires a valid token on all API paths
```nginx
# Example nginx configuration to block the vulnerable endpoint.
# Effective only if Langflow is reachable solely through this proxy.
# "return" fires in the rewrite phase, before "deny" is evaluated in the
# access phase, so the 403 below is what clients actually receive.
location ~ ^/api/v1/build_public_tmp/ {
    deny all;
    return 403;
}
```
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

