Skip to main content

IBM Langflow CVE-2026-7873

| EUVDEUVD-2026-40381 CRITICAL
Code Injection (CWE-94)
2026-06-30 ibm GHSA-v798-mcc6-2m3m
9.9
CVSS 3.1 · Vendor: ibm
Share

Severity by source

Vendor (ibm) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Network-reachable, low-complexity code injection requiring only a low-privileged account (PR:L); OS command execution breaks out of the app context (S:C) for full C/I/A loss.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (ibm).

CVSS VectorVendor: ibm

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 30, 2026 - 19:51 vuln.today

DescriptionCVE.org

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

AnalysisAI

Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-system commands and read sensitive files such as stored credentials, escalating from low-privileged application access to full host compromise. Rated CVSS 9.9 with a scope-changing vector, the flaw enables lateral movement once an attacker holds any valid Langflow account. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege Langflow account
Delivery
Submit crafted code-injection input
Exploit
Execute arbitrary OS commands on host
Execution
Read credential and secret files
Impact
Pivot for lateral movement

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Langflow session (CVSS PR:L) reachable over the network (AV:N), with no user interaction (UI:N) and low complexity (AC:L) against versions 1.0.0-1.10.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals lean strongly toward genuine priority for any internet-reachable deployment: AV:N/AC:L means network-reachable, low-complexity exploitation, and S:C with C:H/I:H/A:H reflects full host takeover, yielding the 9.9 base score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or been granted a low-privilege Langflow account crafts a flow or input that injects OS commands into the server-side runtime, then executes commands to read credential files on the host. Using those harvested secrets, the attacker pivots to connected systems for lateral movement. …
Remediation Apply the fix referenced in IBM's advisory at https://www.ibm.com/support/pages/node/7278441 (Patch available per vendor advisory); the exact fixed version is not stated in the available data and must be taken from that page, so upgrade to the first release above 1.10.0 that IBM designates as patched. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all systems running IBM Langflow OSS versions 1.0.0-1.10.0; restrict network access to vulnerable instances pending patching. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-7873 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy