Description

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

Severity (CVSS)

Base score: 9.9
Severity: Critical
Version: CVSS 3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Provided by: CNA

Weaknesses

  • CWE-94: Improper Control of Generation of Code ('Code Injection')

Affected products

Vendor | Product | Versions
IBM | Langflow OSS | 1.0.0 to <=1.10.0

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 01 Jul 2026 07:05 UTC.