Skip to main content

IBM Langflow CVE-2026-9103

| EUVDEUVD-2026-45258 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-07-17 ibm
9.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
CRITICAL
qualitative
NVD
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Default-enabled endpoint returns a superuser token to any unauthenticated network client in one request (AV:N/AC:L/PR:N/UI:N), yielding full admin compromise of the instance (C:H/I:H/A:H).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 19:19 vuln.today
CVE Published
Jul 17, 2026 - 18:49 cve.org
CRITICAL 9.8

DescriptionNVD

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/auto_login endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTO_LOGIN configuration is enabled (enabled by default), which may allow an unauthenticated network attacker to obtain full administrative access. Additionally, permissive cross-origin resource sharing (CORS) settings may allow tokens to be exposed to unintended origins, increasing the risk of unauthorized access.

AnalysisAI

Authentication bypass in IBM Langflow OSS 1.0.0 through 1.10.0 lets an unauthenticated remote attacker retrieve a long-lived superuser bearer token from the /api/v1/login/auto_login endpoint whenever the AUTO_LOGIN setting is on - which is the default. Because the endpoint mints full-admin tokens with no credentials, any network-reachable attacker gains complete administrative control, and overly permissive CORS can leak those tokens to unintended origins. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Langflow API over network
Delivery
Request /api/v1/login/auto_login unauthenticated
Exploit
Receive superuser bearer token
Execution
Authenticate to admin API
Impact
Control flows, secrets, and model keys

Vulnerability AssessmentAI

Exploitation Exploitation requires that the AUTO_LOGIN configuration setting be enabled - this is the default, so out-of-the-box deployments are vulnerable - and that the attacker have network reachability to the Langflow API's /api/v1/login/auto_login endpoint. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine high-priority issue rather than an inflated CVSS number. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach a default-configured Langflow instance sends a single request to /api/v1/login/auto_login and receives a long-lived superuser bearer token without any credentials. Using that token they authenticate to the admin API and gain full control - reading and modifying flows, secrets, and connected model/API keys, or executing further actions. …
Remediation Patch available per IBM advisory: upgrade Langflow OSS to the fixed release identified in IBM support document https://www.ibm.com/support/pages/node/7278926 (the input confirms a vendor patch but does not state the exact fixed version number, so verify it in the advisory before deploying). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all IBM Langflow OSS deployments, identify affected versions (1.0.0-1.10.0), and determine AUTO_LOGIN status; flag all production instances for emergency remediation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-10561 CRITICAL
10.0 Jun 22

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully comprom

CVE-2026-7873 CRITICAL
9.9 Jun 30

Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-

CVE-2026-8476 CRITICAL
9.9 Jul 17

Remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows attackers to run arbitrary code by planting a mali

CVE-2026-8481 CRITICAL
9.9 Jul 17

Authenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 lets any logged-in user run arbitrary Pytho

CVE-2026-8635 CRITICAL
9.9 Jul 17

Privilege escalation to remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated user to e

CVE-2026-8859 CRITICAL
9.9 Jul 17

Arbitrary file write in IBM Langflow OSS 1.0.0 through 1.10.0 lets an attacker who controls an external HTTP server plan

CVE-2026-9135 CRITICAL
9.9 Jul 17

Arbitrary Python code execution in IBM Langflow OSS 1.0.0 through 1.10.0 (Langflow versions up to 1.9.2) allows authenti

CVE-2026-7871 CRITICAL
9.8 Jun 30

Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the b

CVE-2026-7803 CRITICAL
9.8 Jun 30

Arbitrary code execution in IBM Langflow OSS versions 1.0.0 through 1.10.0 allows remote attackers to run code on the ho

CVE-2026-7664 CRITICAL
9.8 Jun 22

Authorization bypass in IBM Langflow OSS 1.0.0 through 1.8.4 allows unauthenticated remote attackers to access protected

CVE-2026-7663 CRITICAL
9.8 Jun 30

Improper authorization enforcement in IBM Langflow OSS 1.0.0 through 1.9.6 lets unauthenticated remote attackers reach p

CVE-2026-8505 CRITICAL
9.8 Jul 17

Unauthenticated remote code execution in IBM Langflow OSS 1.0.0 through 1.10.0 stems from broken webhook authentication

Share

CVE-2026-9103 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy