Skip to main content

IBM Langflow Desktop CVE-2026-6543

| EUVDEUVD-2026-26448 HIGH
Code Injection (CWE-94)
2026-04-30 ibm
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Apr 30, 2026 - 22:01 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 21:45 euvd
EUVD-2026-26448
Analysis Generated
Apr 30, 2026 - 21:45 vuln.today
Patch released
Apr 30, 2026 - 21:45 nvd
Patch available
CVE Published
Apr 30, 2026 - 21:11 nvd
HIGH 8.8

DescriptionCVE.org

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

AnalysisAI

Remote code execution in IBM Langflow Desktop 1.0.0 through 1.8.4 allows authenticated attackers to execute arbitrary commands at the privilege level of the Langflow process. Attackers can exfiltrate API keys and database credentials from environment variables, modify application files, or pivot to internal network targets. IBM has released a vendor patch addressing this code injection vulnerability. No active exploitation confirmed by CISA KEV at time of analysis, though CVSS 8.8 severity and low attack complexity indicate high exploitability once authenticated access is obtained.

Technical ContextAI

This vulnerability stems from CWE-94 (Improper Control of Generation of Code/Code Injection) in IBM Langflow Desktop, a desktop application for building and deploying language model workflows. The affected CPE string (cpe:2.3:a:ibm:langflow_desktop) confirms impact across all versions from 1.0.0 to 1.8.4. Code injection flaws typically occur when user-controllable input is passed to code execution functions (eval, exec, system calls) without proper sanitization. In workflow automation platforms like Langflow, this often manifests in custom script nodes, expression evaluators, or template rendering engines that process user-defined logic. The network attack vector (AV:N) suggests the vulnerability is exploitable through Langflow's web interface or API endpoints rather than requiring local desktop access, despite the 'Desktop' product name indicating a locally-installed application with network-accessible components.

RemediationAI

Upgrade IBM Langflow Desktop to the patched version specified in IBM's security bulletin at https://www.ibm.com/support/pages/node/7271092 (exact fixed version number should be verified in the advisory as it is not included in the CVE record). The vendor-released patch addresses the underlying code injection vulnerability. For environments unable to immediately patch, implement compensating controls: restrict network access to Langflow Desktop interfaces using firewall rules or VPN-only access (reduces AV:N to AV:L equivalent), enforce strong authentication and limit user accounts with Langflow access to trusted personnel only (raises the PR:L bar), deploy network segmentation to isolate Langflow instances from sensitive internal systems and prevent lateral movement post-exploitation (contains impact), and monitor process execution and outbound network connections from Langflow processes for anomalous activity (detect exploitation attempts). Note that access restrictions reduce attack surface but do not eliminate the vulnerability - authenticated users remain at risk, and insider threats are unmitigated. Patching remains the only complete remediation.

Share

CVE-2026-6543 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy