Skip to main content

IBM Langflow OSS CVE-2026-8635

CRITICAL
Code Injection (CWE-94)
2026-07-17 ibm
9.9
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
CRITICAL
qualitative
NVD
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Network-reachable service exploitable by any authenticated user (PR:L), no interaction, and DB-manipulation-to-RCE breaks out of the app context (S:C) with full confidentiality, integrity, and availability loss.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 19:45 vuln.today
CVE Published
Jul 17, 2026 - 19:02 cve.org
CRITICAL 9.9

DescriptionNVD

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.

AnalysisAI

Privilege escalation to remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated user to elevate their account to superuser by directly manipulating the underlying database, then execute arbitrary system commands and achieve full compromise of the host running the Langflow service. The flaw (CWE-94, code injection) carries a critical CVSS 9.9 with a scope change, meaning code runs with the Langflow service account's permissions beyond the vulnerable component. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privileged account
Delivery
Manipulate database to set superuser role
Exploit
Escalate to superuser context
Execution
Invoke code execution component
Persist
Execute arbitrary system commands
Impact
Full host compromise as service account

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Langflow account (CVSS PR:L) with network reachability to the Langflow OSS 1.0.0-1.10.0 web service (AV:N); no user interaction and low complexity are needed once that access is held. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) is internally consistent with the description: network reachable, low complexity, requires low (authenticated) privileges, no user interaction, scope change, and full CHI impact - yielding a critical 9.9. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who holds or obtains any low-privileged Langflow account authenticates to the platform, then directly manipulates the backing database to promote their account to superuser. With superuser role they invoke Langflow's code/command execution capability to run arbitrary system commands, gaining a shell with the Langflow service account's permissions and full control of the host. …
Remediation Patch available per vendor advisory - apply the fixed release referenced in IBM's advisory at https://www.ibm.com/support/pages/node/7278925; the input does not include an exact fixed version number, so confirm the target build from that advisory before upgrading. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify and inventory all systems running IBM Langflow OSS versions 1.0.0 through 1.10.0, and apply the vendor-released patch immediately to all instances; if immediate patching is not possible, isolate affected systems from production networks and restrict access to the most trusted administrators only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-10561 CRITICAL
10.0 Jun 22

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully comprom

CVE-2026-7873 CRITICAL
9.9 Jun 30

Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-

CVE-2026-8476 CRITICAL
9.9 Jul 17

Remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows attackers to run arbitrary code by planting a mali

CVE-2026-8481 CRITICAL
9.9 Jul 17

Authenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 lets any logged-in user run arbitrary Pytho

CVE-2026-8859 CRITICAL
9.9 Jul 17

Arbitrary file write in IBM Langflow OSS 1.0.0 through 1.10.0 lets an attacker who controls an external HTTP server plan

CVE-2026-9135 CRITICAL
9.9 Jul 17

Arbitrary Python code execution in IBM Langflow OSS 1.0.0 through 1.10.0 (Langflow versions up to 1.9.2) allows authenti

CVE-2026-7871 CRITICAL
9.8 Jun 30

Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the b

CVE-2026-7803 CRITICAL
9.8 Jun 30

Arbitrary code execution in IBM Langflow OSS versions 1.0.0 through 1.10.0 allows remote attackers to run code on the ho

CVE-2026-7664 CRITICAL
9.8 Jun 22

Authorization bypass in IBM Langflow OSS 1.0.0 through 1.8.4 allows unauthenticated remote attackers to access protected

CVE-2026-7663 CRITICAL
9.8 Jun 30

Improper authorization enforcement in IBM Langflow OSS 1.0.0 through 1.9.6 lets unauthenticated remote attackers reach p

CVE-2026-8505 CRITICAL
9.8 Jul 17

Unauthenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 stems from broken webhook authentication

CVE-2026-9103 CRITICAL
9.8 Jul 17

Authentication bypass in IBM Langflow OSS 1.0.0 through 1.10.0 lets an unauthenticated remote attacker retrieve a long-l

Share

CVE-2026-8635 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy