Description

IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to improper isolation of Python execution combined with an authentication bypass, which allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise.

PUBLISHED Reserved 2026-06-01 | Published 2026-06-22 | Updated 2026-06-23 | Assigner ibm




CRITICAL: 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

1.0.0 (semver)
affected

References

www.ibm.com/support/pages/node/7277242 vendor-advisory patch

cve.org (CVE-2026-10561)

nvd.nist.gov (CVE-2026-10561)
