Langflow OSS
by IBM
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7524 | Cri | 0.57 | 9.8 | 0.01 | May 27, 2026 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. | ||
| CVE-2026-7787 | Hig | 0.42 | 7.5 | 0.00 | Jun 11, 2026 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. | ||
| CVE-2026-7528 | Hig | 0.39 | 7.1 | 0.00 | May 27, 2026 | IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption. | ||
| CVE-2026-7664 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint. | |||
| CVE-2026-10561 | 0.00 | — | 0.01 | Jun 22, 2026 | IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise |
- risk 0.57cvss 9.8epss 0.01
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
- risk 0.42cvss 7.5epss 0.00
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
- risk 0.39cvss 7.1epss 0.00
IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
- CVE-2026-7664Jun 22, 2026risk 0.00cvss —epss 0.00
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
- CVE-2026-10561Jun 22, 2026risk 0.00cvss —epss 0.01
IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise