CVE-2026-7803

Published Jun 30, 2026

Last updated 3 days ago

Overview

Description
IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.
Source
psirt@us.ibm.com
NVD status
Analyzed
Products
langflow

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@us.ibm.com
CWE-20
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

Configurations

References

Sources include official advisories and independent security research.