CVE-2026-7871
CRITICAL
9.8
CVSS 3.1
Description
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
Metadata
Severity & Metrics
9.8
CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| IBM | Langflow OSS | — | 1.0.0 ≤ 1.10.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-502 | cna | CWE-502 Deserialization of Untrusted Data |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.8 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (1)