IBM Langflow
CVE-2026-7667
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable flow creation needs an authenticated low-priv user (PR:L), no interaction (UI:N); arbitrary file write enables code execution, so C/I/A all High.
Primary rating from Vendor (ibm).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename="../../../target/path" ), enabling arbitrary file write operations with attacker-controlled content to any path accessible by the Langflow process.
AnalysisAI
Arbitrary file write in IBM Langflow OSS 1.0.0 through 1.10.0 lets an authenticated user create a malicious flow that points to an attacker-controlled URL returning a crafted Content-Disposition header, causing the Langflow process to write attacker-supplied content to any filesystem path it can access. Because writes can land on startup scripts, keys, or configuration files, this path-traversal (CWE-22) flaw is a realistic route to full server compromise. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated Langflow account with the ability to create or edit flows (CVSS PR:L confirms authentication is needed). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8, High) indicates a network-reachable, low-complexity attack needing only low privileges and no user interaction, with high impact to confidentiality, integrity and availability - consistent with an authenticated user who can create flows escalating to arbitrary file write and likely code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privileged Langflow account builds a flow whose component fetches a URL on a server they control; that server responds with a Content-Disposition header like filename="../../../../etc/cron.d/evil" and a malicious payload as the body. Langflow saves the body to that traversed path, letting the attacker overwrite a cron job, startup script, or config file and pivot to code execution as the Langflow process. … |
| Remediation | Patch available per vendor advisory - upgrade to the fixed IBM Langflow OSS release identified in the IBM Security Bulletin at https://www.ibm.com/support/pages/node/7278931 (consult that advisory for the exact patched version, which is not enumerated in the input data). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all deployments of Langflow 1.0.0-1.10.0, verify vendor-patch availability, and identify patching windows aligned with operational schedules. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Langflow Oss
View allUnauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully comprom
Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-
Remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows attackers to run arbitrary code by planting a mali
Authenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 lets any logged-in user run arbitrary Pytho
Privilege escalation to remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated user to e
Arbitrary file write in IBM Langflow OSS 1.0.0 through 1.10.0 lets an attacker who controls an external HTTP server plan
Arbitrary Python code execution in IBM Langflow OSS 1.0.0 through 1.10.0 (Langflow versions up to 1.9.2) allows authenti
Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the b
Arbitrary code execution in IBM Langflow OSS versions 1.0.0 through 1.10.0 allows remote attackers to run code on the ho
Authorization bypass in IBM Langflow OSS 1.0.0 through 1.8.4 allows unauthenticated remote attackers to access protected
Improper authorization enforcement in IBM Langflow OSS 1.0.0 through 1.9.6 lets unauthenticated remote attackers reach p
Unauthenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 stems from broken webhook authentication
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today