{"uuid": "f68fc4de-52b1-4d0c-96a1-4d864d4949e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3346", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mky2smzu6f2f", "content": "CVE-2026-3346: stored XSS in IBM Langflow 1.6.0-1.8.4. Authenticated attacker injects JS into Web UI fields, steals cookies/sessions. No patch, no exploit in wild. CVSS 6.4, but credential disclosure risk is real. Pin your versions....\n\n https://www.valtersit.com/cve/2026/04/cve-2026-3346/", "creation_timestamp": "2026-05-03T21:06:48.844643Z"}