CVE-2026-7524

Published May 27, 2026

Last updated 14 days ago

CVSS critical 9.8

Overview

Description
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
Source
psirt@us.ibm.com
NVD status
Analyzed
Products
langflow

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@us.ibm.com
CWE-22

Social media

Hype score
Not currently trending

  1. Over the last few months, I researched Langflow, n8n, and Activepieces. The result is 9 zero-days and a BlueHat IL talk ๐Ÿ› ๏ธ ๐Ÿšจ CVE-2026-7524 (Critical - 9.8) ๐Ÿšจ CVE-2026-48519 (Critical - 9.6) โš ๏ธ CVE-2026-7528 (High - 7.1) ๐Ÿ› CVE-2026-42228 (Moderate - 6.3) ๐Ÿ› CV

    @vbCrLf

    15 Jun 2026

    98 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Over the last few months, I dove into the internals of Langflow, n8n, and Activepieces. The result is 9 zero-days and a BlueHat IL talk ๐Ÿ› ๏ธ ๐Ÿšจ CVE-2026-7524 (Critical - 9.8) ๐Ÿšจ CVE-2026-48519 (Critical - 9.6) โš ๏ธ CVE-2026-7528 (High - 7.1) ๐Ÿ› CVE-2026-42228 (Modera

    @vbCrLf

    15 Jun 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Over the last few months, I dove into the internals of Langflow, n8n, and Activepieces. The result is 9 zero-days and a BlueHat IL talk ๐Ÿ› ๏ธ ๐Ÿšจ CVE-2026-7524 (Critical - 9.8) ๐Ÿšจ CVE-2026-48519 (Critical - 9.6) โš ๏ธ CVE-2026-7528 (High - 7.1) ๐Ÿ› CVE-2026-42228 (Modera

    @vbCrLf

    15 Jun 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. # Langflow Multi-CVE Exploit Kit **CVE-2026-7524 (Path Traversal) | CVE-2026-7700 (Lambda eval) | CVE-2026-7687 (CodeParse> **Military-Grade Multi-Vector RCE Exploitation Framework** #exploit #0days #CVE #CVSS #security #hacking https://t.co/hB4tr07PJW

    @YogSoth0

    15 Jun 2026

    182 Impressions

    0 Retweets

    7 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. New 0days multi-exploit kit: Langflow Multi-CVE Reconnaissance Scanner Targets: CVE-2026-7524 (Path Traversal), CVE-2026-7700 (Lambda eval), CVE-2026-7687 (CodeParser) Military-grade async scanner with vulnerability fingerprinting and exploitability scoring. Soon on gibliz h

    @YogSoth0

    14 Jun 2026

    220 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  6. ๐Ÿšจ CVE-2026-7524 โ€” CVSS 9.8/10 โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links... Severity: CRITICAL Patch now. #cybersecurity #CVE https://t.co/LKalsDQ8nc

    @OrizonCyber

    27 May 2026

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.โ€ขCVE-2026-7528
  2. Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this flaw to delete arbitrary directories anywhere on the server's filesystem, leading to data loss and potential service disruption. This vulnerability is fixed in 1.9.0.โ€ขCVE-2026-42048
  3. IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.โ€ขCVE-2026-6542
  4. IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.โ€ขCVE-2026-3357
  5. Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `False` (i.e., authentication was enabled), neither branch enforced an ownership check โ€” the query returned any flow matching the given UUID regardless of who owned it. This allowed any authenticated user to read any other user's flow, including embedded plaintext API keys; modify the logic of another user's AI agents, and/or delete flows belonging to other users. The vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with `user_id = NULL`) under auto-login mode, but inadvertently left the authenticated path without an ownership filter. The fix in version 1.5.1 removes the `AUTO_LOGIN` conditional entirely and unconditionally scopes the query to the requesting user.โ€ขCVE-2026-34046

References

Sources include official advisories and independent security research.