High severity8.8NVD Advisory· Published Apr 30, 2026· Updated May 11, 2026

CVE-2026-6543

Description

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

Affected products

Langflow/Langflow Desktop
cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*
Range: >=1.0.0,<=1.8.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7271092nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000