Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Account creation is unauthenticated and network-reachable (AV:N/PR:N), but full RCE impact depends on the non-default NEW_USER_IS_ACTIVE=true option, warranting AC:H over the vendor's AC:L.
Primary rating from Vendor (ibm).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need for AUTO_LOGIN.
AnalysisAI
Missing authentication in IBM Langflow OSS 1.0.0 through 1.10.0 lets unauthenticated remote attackers register unlimited user accounts against any exposed instance. When the documented NEW_USER_IS_ACTIVE=true option is set, those accounts become immediately active and can log in to reach known remote-code-execution endpoints, providing a full authentication foothold without relying on AUTO_LOGIN. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The unauthenticated account-creation flaw requires only network reachability to the Langflow HTTP interface - no credentials, no user interaction (AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, 9.8) describes trivially reachable, unauthenticated, high-impact exploitation, and CWE-306 corroborates a missing-auth root cause. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker locates an internet-exposed Langflow instance and repeatedly calls the unauthenticated registration endpoint to create one or more accounts. On an instance running NEW_USER_IS_ACTIVE=true, the attacker immediately logs in with a self-created account and invokes Langflow's flow-execution endpoints to achieve remote code execution on the host. … |
| Remediation | Patch available per vendor advisory - upgrade to the fixed IBM Langflow OSS release identified in the IBM advisory at https://www.ibm.com/support/pages/node/7278929 (no exact fixed version number is provided in the input data, so confirm the target build against that advisory). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all internet-facing IBM Langflow instances and apply the latest patched version immediately. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Langflow Oss
View allUnauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully comprom
Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-
Arbitrary Python code execution in IBM Langflow OSS 1.0.0 through 1.10.0 (Langflow versions up to 1.9.2) allows authenti
Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the b
Arbitrary code execution in IBM Langflow OSS versions 1.0.0 through 1.10.0 allows remote attackers to run code on the ho
Authorization bypass in IBM Langflow OSS 1.0.0 through 1.8.4 allows unauthenticated remote attackers to access protected
Improper authorization enforcement in IBM Langflow OSS 1.0.0 through 1.9.6 lets unauthenticated remote attackers reach p
Authentication bypass in IBM Langflow OSS 1.0.0 through 1.10.0 lets an unauthenticated remote attacker retrieve a long-l
Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any network-reachable attac
Credential disclosure in IBM Langflow OSS versions 1.0.0 through 1.10.0 stems from a weak, reversible key-derivation mec
Insecure direct object reference (IDOR) in IBM Langflow OSS 1.0.0 through 1.9.1 allows an authenticated user to read or
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45235