Description
IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise.
Published: 2026-06-22
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in IBM Langflow OSS results from improper isolation of Python execution combined with an authentication bypass. An unauthenticated attacker can supply malicious code to the Python REPL component, leading the system to execute it with host privileges. This flaw is an instance of code injection (CWE-94) and can be leveraged for complete system compromise.

Affected Systems

Affected systems include IBM Langflow OSS releases from 1.0.0 through 1.9.3. All users operating those versions are susceptible, regardless of deployment environment, as the flaw requires no additional privileges beyond network reach to the vulnerable component.

Risk and Exploitability

The CVSS score of 10 reflects a critical severity, while the EPSS score is not available. The vulnerability is not currently listed in the CISA KEV catalog. Attackers need only unauthenticated network access to the exposed Python REPL endpoint; no further preparation is required, making exploitation straightforward.

Generated by OpenCVE AI on June 22, 2026 at 14:20 UTC.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.9.4: https://pypi.org/project/langflow/


OpenCVE Recommended Actions

  • Upgrade IBM Langflow OSS to version 1.9.4 or later, which resolves the code injection and authentication bypass flaws.
  • If an upgrade is not immediately feasible, disable or restrict network access to the Python REPL component to block unauthenticated requests.
  • Ensure that all components enforce proper authentication and sandbox Python execution to prevent future isolation weaknesses.



Advisories

No advisories yet.

History

Mon, 22 Jun 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | (none) | IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise.
Title | (none) | Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection
First Time appeared | (none) | Ibm; Ibm langflow Oss
Weaknesses | (none) | CWE-94
CPEs | (none) | cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*; cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*
Vendors & Products | (none) | Ibm; Ibm langflow Oss
References | (none) | (none)
Metrics | (none) | cvssV3_1 {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-22T13:22:07.628Z

Reserved: 2026-06-01T15:41:38.211Z

Link: CVE-2026-10561

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T14:30:05Z

Weaknesses
  • CWE-94: Improper Control of Generation of Code ('Code Injection')