IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise
References
| Link | Resource |
|---|---|
| https://www.ibm.com/support/pages/node/7277242 | Vendor Advisory |
Configurations
History
26 Jun 2026, 20:19
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:* | |
| First Time |
Langflow langflow
Langflow |
|
| References | () https://www.ibm.com/support/pages/node/7277242 - Vendor Advisory |
22 Jun 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-22 14:16
Updated : 2026-06-26 20:19
NVD link : CVE-2026-10561
Mitre link : CVE-2026-10561
CVE.ORG link : CVE-2026-10561
JSON object : View
Products Affected
langflow
- langflow
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
