Description

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.

Severity (CVSS)

Base score9.8
SeverityCritical
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Provided byCNA

Weaknesses

  • CWE-20 — CWE-20 Improper Input Validation

Affected products

VendorProductVersions
IBMLangflow OSS1.0.0 to <=1.10.0

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 01 Jul 2026 07:05 UTC.