Skip to main content

IBM Langflow CVE-2026-7667

HIGH
Path Traversal (CWE-22)
2026-07-17 ibm
8.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
HIGH
qualitative
NVD
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable flow creation needs an authenticated low-priv user (PR:L), no interaction (UI:N); arbitrary file write enables code execution, so C/I/A all High.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 19:50 vuln.today
CVE Published
Jul 17, 2026 - 19:21 cve.org
HIGH 8.8

DescriptionNVD

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename="../../../target/path" ), enabling arbitrary file write operations with attacker-controlled content to any path accessible by the Langflow process.

AnalysisAI

Arbitrary file write in IBM Langflow OSS 1.0.0 through 1.10.0 lets an authenticated user create a malicious flow that points to an attacker-controlled URL returning a crafted Content-Disposition header, causing the Langflow process to write attacker-supplied content to any filesystem path it can access. Because writes can land on startup scripts, keys, or configuration files, this path-traversal (CWE-22) flaw is a realistic route to full server compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Langflow (low-priv user)
Delivery
Create flow pointing to attacker-controlled URL
Exploit
Server returns crafted Content-Disposition filename with traversal
Execution
Langflow writes payload to arbitrary path
Persist
Overwrite startup/cron/config file
Impact
Execute code as Langflow process

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Langflow account with the ability to create or edit flows (CVSS PR:L confirms authentication is needed). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8, High) indicates a network-reachable, low-complexity attack needing only low privileges and no user interaction, with high impact to confidentiality, integrity and availability - consistent with an authenticated user who can create flows escalating to arbitrary file write and likely code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged Langflow account builds a flow whose component fetches a URL on a server they control; that server responds with a Content-Disposition header like filename="../../../../etc/cron.d/evil" and a malicious payload as the body. Langflow saves the body to that traversed path, letting the attacker overwrite a cron job, startup script, or config file and pivot to code execution as the Langflow process. …
Remediation Patch available per vendor advisory - upgrade to the fixed IBM Langflow OSS release identified in the IBM Security Bulletin at https://www.ibm.com/support/pages/node/7278931 (consult that advisory for the exact patched version, which is not enumerated in the input data). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all deployments of Langflow 1.0.0-1.10.0, verify vendor-patch availability, and identify patching windows aligned with operational schedules. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-10561 CRITICAL
10.0 Jun 22

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully comprom

CVE-2026-7873 CRITICAL
9.9 Jun 30

Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-

CVE-2026-8476 CRITICAL
9.9 Jul 17

Remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows attackers to run arbitrary code by planting a mali

CVE-2026-8481 CRITICAL
9.9 Jul 17

Authenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 lets any logged-in user run arbitrary Pytho

CVE-2026-8635 CRITICAL
9.9 Jul 17

Privilege escalation to remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated user to e

CVE-2026-8859 CRITICAL
9.9 Jul 17

Arbitrary file write in IBM Langflow OSS 1.0.0 through 1.10.0 lets an attacker who controls an external HTTP server plan

CVE-2026-9135 CRITICAL
9.9 Jul 17

Arbitrary Python code execution in IBM Langflow OSS 1.0.0 through 1.10.0 (Langflow versions up to 1.9.2) allows authenti

CVE-2026-7871 CRITICAL
9.8 Jun 30

Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the b

CVE-2026-7803 CRITICAL
9.8 Jun 30

Arbitrary code execution in IBM Langflow OSS versions 1.0.0 through 1.10.0 allows remote attackers to run code on the ho

CVE-2026-7664 CRITICAL
9.8 Jun 22

Authorization bypass in IBM Langflow OSS 1.0.0 through 1.8.4 allows unauthenticated remote attackers to access protected

CVE-2026-7663 CRITICAL
9.8 Jun 30

Improper authorization enforcement in IBM Langflow OSS 1.0.0 through 1.9.6 lets unauthenticated remote attackers reach p

CVE-2026-8505 CRITICAL
9.8 Jul 17

Unauthenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 stems from broken webhook authentication

Share

CVE-2026-7667 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy