CVE-2026-10561

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise
References
Link Resource
https://www.ibm.com/support/pages/node/7277242 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*

History

26 Jun 2026, 20:19

Type Values Removed Values Added
CPE cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
First Time Langflow langflow
Langflow
References () https://www.ibm.com/support/pages/node/7277242 - () https://www.ibm.com/support/pages/node/7277242 - Vendor Advisory

22 Jun 2026, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-22 14:16

Updated : 2026-06-26 20:19


NVD link : CVE-2026-10561

Mitre link : CVE-2026-10561

CVE.ORG link : CVE-2026-10561


JSON object : View

Products Affected

langflow

  • langflow
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')