CVE-2026-7873

9.9 CRITICAL CVSS 3.1
Description
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

Metadata

CVE ID: CVE-2026-7873
State: PUBLISHED
Assigner: ibm
Reserved: 2026-05-05 14:20 UTC
Published: 2026-06-30 19:13 UTC
Last updated: 2026-06-30 19:13 UTC
Primary CWE: CWE-94
CWE-94 Improper Control of Generation of Code ('Code Injecti…
Vendor / Product: IBM / Langflow OSS
Sources: cve.org · NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products (1)
Vendor | Product | Platform | Versions
IBM | Langflow OSS | | 1.0.0 ≤ 1.10.0
Weakness (CWE)
CWE | Source | Description
CWE-94 | cna | CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSS scores (1)
Score | Severity | Version | Source | Vector
9.9 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H