High severity8.8NVD Advisory· Published Apr 8, 2026· Updated Apr 14, 2026

CVE-2026-3357

Description

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.

Affected products

Langflow/Langflow
cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
Range: >=1.6.0,<1.8.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7268428nvdVendor Advisory

News mentions

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
The Hacker News · May 14, 2026
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
The Hacker News · May 11, 2026
Metasploit Wrap-Up 04/25/2026
Rapid7 Blog · Apr 24, 2026
23rd March – Threat Intelligence Report
Check Point Research · Mar 23, 2026
Hackers Exploit Critical Langflow Bug in Just 20 Hours
Infosecurity Magazine · Mar 20, 2026

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000