IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HLangflow
APPLangflow1.0.0 – 1.9.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth Bypass
CWE
References
Related vulnerabilities
CVE-2026-33017CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Langflow: nieuwierzytelniony RCE przez endpoint budowania publicznych przepływów
CVE-2025-34291CRITICAL9.4⚠ KEVPL ✓ten sam produkt
Langflow: przejęcie konta i RCE przez błędną konfigurację CORS
CVE-2025-3248CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Nieuwierzytelnione RCE w Langflow poprzez wstrzyknięcie kodu w endpoint /api/v1/validate/code
CVE-2026-10140CRITICAL9.6ten sam produkt
IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of ...
CVE-2026-10134CRITICAL10.0ten sam produkt
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process...