Skip to main content

IBM Langflow CVE-2026-7755

HIGH
2026-07-17 ibm
8.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
HIGH
qualitative
NVD
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable config feature exploitable by any low-privileged authenticated user (PR:L), no user interaction, yielding full host code execution, so C/I/A all High.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 19:48 vuln.today
CVE Published
Jul 17, 2026 - 19:18 cve.org
HIGH 8.8

DescriptionNVD

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files.

AnalysisAI

Remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated remote attacker to run arbitrary code because validation is not fully enforced on Model Context Protocol (MCP) server configuration files, permitting injection of attacker-controlled commands or server definitions. IBM has published a fix advisory (node/7278932). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Langflow with low-privilege account
Delivery
Submit crafted MCP server configuration
Exploit
Bypass incomplete config validation
Execution
Langflow spawns attacker command
Impact
Execute arbitrary code on host

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) network access to the Langflow OSS application and (2) an authenticated account with at least low privileges (CVSS PR:L), specifically the ability to create or modify an MCP server configuration file/definition - that MCP configuration path is the exact feature whose validation is incompletely enforced. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine priority for anyone running an exposed or multi-user Langflow instance. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged account on an internet- or intranet-reachable Langflow instance submits or edits an MCP server configuration containing a malicious command definition; because validation is incompletely enforced, Langflow spawns the attacker's command and executes arbitrary code on the host. Given AV:N/AC:L, this can be driven remotely with a single crafted API request and no user interaction. …
Remediation Patch available per vendor advisory - apply the update referenced in IBM's advisory at https://www.ibm.com/support/pages/node/7278932; the exact fixed version was not included in the provided data, so obtain it directly from that advisory (the affected band ends at 1.10.0, so upgrade to the first release IBM identifies as fixed). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all IBM Langflow OSS instances across production and non-production environments, confirm current versions, and verify patch availability from IBM advisory node/7278932. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-10561 CRITICAL
10.0 Jun 22

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully comprom

CVE-2026-7873 CRITICAL
9.9 Jun 30

Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-

CVE-2026-8476 CRITICAL
9.9 Jul 17

Remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows attackers to run arbitrary code by planting a mali

CVE-2026-8481 CRITICAL
9.9 Jul 17

Authenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 lets any logged-in user run arbitrary Pytho

CVE-2026-8635 CRITICAL
9.9 Jul 17

Privilege escalation to remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated user to e

CVE-2026-8859 CRITICAL
9.9 Jul 17

Arbitrary file write in IBM Langflow OSS 1.0.0 through 1.10.0 lets an attacker who controls an external HTTP server plan

CVE-2026-9135 CRITICAL
9.9 Jul 17

Arbitrary Python code execution in IBM Langflow OSS 1.0.0 through 1.10.0 (Langflow versions up to 1.9.2) allows authenti

CVE-2026-7871 CRITICAL
9.8 Jun 30

Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the b

CVE-2026-7803 CRITICAL
9.8 Jun 30

Arbitrary code execution in IBM Langflow OSS versions 1.0.0 through 1.10.0 allows remote attackers to run code on the ho

CVE-2026-7664 CRITICAL
9.8 Jun 22

Authorization bypass in IBM Langflow OSS 1.0.0 through 1.8.4 allows unauthenticated remote attackers to access protected

CVE-2026-7663 CRITICAL
9.8 Jun 30

Improper authorization enforcement in IBM Langflow OSS 1.0.0 through 1.9.6 lets unauthenticated remote attackers reach p

CVE-2026-8505 CRITICAL
9.8 Jul 17

Unauthenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 stems from broken webhook authentication

Share

CVE-2026-7755 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy