CVE-2026-7873

Published Jun 30, 2026

Last updated 3 days ago

Overview

Description
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
Source
psirt@us.ibm.com
NVD status
Analyzed
Products
langflow

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@us.ibm.com
CWE-94

Social media

Hype score
Not currently trending

Configurations

References

Sources include official advisories and independent security research.