Skip to main content

IBM Langflow OSS CVE-2026-8505

CRITICAL
2026-07-17 ibm
9.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
CRITICAL
qualitative
NVD
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Network-reachable, no auth (PR:N) and no interaction against the default config; AC:L retained despite the UUID requirement, with full CIA impact via flow-driven RCE on the unchanged host scope.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 19:46 vuln.today
CVE Published
Jul 17, 2026 - 19:06 cve.org
CRITICAL 9.8

DescriptionNVD

IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The system incorrectly bypasses API key validation when the WEBHOOK_AUTH_ENABLE configuration is set to False (which is the default setting). This allows a remote attacker who knows a flow's UUID to execute it as if they were the owner, potentially leading to Remote Code Execution (RCE).

AnalysisAI

Unauthenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 stems from broken webhook authentication that skips API key validation whenever WEBHOOK_AUTH_ENABLE is False - which is the shipped default. Any remote attacker who learns a flow's UUID can invoke that flow's webhook endpoint as though they were its owner, running arbitrary flow logic and reaching RCE. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify internet-reachable Langflow instance
Delivery
Obtain target flow UUID
Exploit
POST to webhook endpoint (auth bypassed, default config)
Execution
Server executes flow as owner
Persist
Trigger code-execution component
Impact
Achieve RCE on host

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target run IBM Langflow OSS 1.0.0-1.10.0 with the WEBHOOK_AUTH_ENABLE configuration set to False - which is the DEFAULT, so no attacker-controlled reconfiguration is needed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine high priority, not a paper tiger. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained a target flow's UUID - for example harvested from a leaked URL, log entry, or shared workspace export - sends a crafted HTTP POST to that flow's webhook endpoint on an internet-exposed Langflow instance running the default configuration. Because WEBHOOK_AUTH_ENABLE is False, the server skips API key validation and executes the flow as its owner; if the flow contains code-execution components, this yields arbitrary code execution on the host. …
Remediation Patch available per vendor advisory - upgrade IBM Langflow OSS to the fixed release identified in IBM's advisory at https://www.ibm.com/support/pages/node/7278921 (consult that page for the exact patched version, which was not enumerated in the source data, so do not assume a version number). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all IBM Langflow OSS instances in your environment, identify those running versions 1.0.0 through 1.10.0, and prioritize instances handling sensitive or production data. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-10561 CRITICAL
10.0 Jun 22

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully comprom

CVE-2026-7873 CRITICAL
9.9 Jun 30

Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-

CVE-2026-8476 CRITICAL
9.9 Jul 17

Remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows attackers to run arbitrary code by planting a mali

CVE-2026-8481 CRITICAL
9.9 Jul 17

Authenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 lets any logged-in user run arbitrary Pytho

CVE-2026-8635 CRITICAL
9.9 Jul 17

Privilege escalation to remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated user to e

CVE-2026-8859 CRITICAL
9.9 Jul 17

Arbitrary file write in IBM Langflow OSS 1.0.0 through 1.10.0 lets an attacker who controls an external HTTP server plan

CVE-2026-9135 CRITICAL
9.9 Jul 17

Arbitrary Python code execution in IBM Langflow OSS 1.0.0 through 1.10.0 (Langflow versions up to 1.9.2) allows authenti

CVE-2026-7871 CRITICAL
9.8 Jun 30

Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the b

CVE-2026-7803 CRITICAL
9.8 Jun 30

Arbitrary code execution in IBM Langflow OSS versions 1.0.0 through 1.10.0 allows remote attackers to run code on the ho

CVE-2026-7664 CRITICAL
9.8 Jun 22

Authorization bypass in IBM Langflow OSS 1.0.0 through 1.8.4 allows unauthenticated remote attackers to access protected

CVE-2026-7663 CRITICAL
9.8 Jun 30

Improper authorization enforcement in IBM Langflow OSS 1.0.0 through 1.9.6 lets unauthenticated remote attackers reach p

CVE-2026-9103 CRITICAL
9.8 Jul 17

Authentication bypass in IBM Langflow OSS 1.0.0 through 1.10.0 lets an unauthenticated remote attacker retrieve a long-l

Share

CVE-2026-8505 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy