CVE-2026-8635
CRITICAL
9.9
CVSS 3.1
Description
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.
Metadata
Severity & Metrics
9.9
CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| IBM | Langflow OSS | — | 1.0.0 ≤ 1.10.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-94 | cna | CWE-94 Improper Control of Generation of Code ('Code Injection') |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.9 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
References (1)