Description
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.
Published: 2026-04-30
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an insecure code validation endpoint that allows a user to run arbitrary system commands with the privileges of the Langflow Desktop process. By executing commands with the process’s privileges, an attacker can read sensitive environment variables such as API keys and database credentials, modify files, or launch further attacks on the internal network. The vulnerability corresponds to CWE‑94 Injection in an eval‑like context.

Affected Systems

IBM Langflow Desktop versions 1.0.0 through 1.8.4 are affected. The bug was removed in version 1.9.0 and later.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. The EPSS score is reported as < 1%, suggesting a very low but nonzero likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. If a user can invoke the vulnerable endpoint, the attacker gains full command‑execution rights on the host, enabling data exfiltration, lateral movement, or further compromise of the internal network.

Generated by OpenCVE AI on May 2, 2026 at 10:49 UTC.

Remediation

Vendor Solution

IBM recommends addressing the vulnerability now by upgrading to IBM Langflow Desktop 1.9.0 or newer https://www.langflow.org/blog/langflow-1-8-desktopIf you are already using Langflow Desktop, upgrade in the application to version 1.9.0To install Langflow Desktop for the first time, visit Download Langflow Desktop.

OpenCVE Recommended Actions

  • Upgrade to IBM Langflow Desktop 1.9.0 or newer, as IBM recommends.
  • If an upgrade cannot be performed immediately, restrict or disable the Code Validation endpoint so that only trusted or administrative users can invoke it.
  • Run Langflow Desktop with the least privileges possible, avoiding administrative or root permissions.

Generated by OpenCVE AI on May 2, 2026 at 10:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Langflow
Langflow langflow Desktop
CPEs cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*
Vendors & Products Langflow
Langflow langflow Desktop

Fri, 01 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.
Title Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint
First Time appeared Ibm
Ibm langflow Desktop
Weaknesses CWE-94
CPEs cpe:2.3:a:ibm:langflow_desktop:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:langflow_desktop:1.8.4:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm langflow Desktop
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ibm Langflow Desktop
Langflow Langflow Desktop
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-02T03:55:24.549Z

Reserved: 2026-04-17T18:06:13.865Z

Link: CVE-2026-6543

cve-icon Vulnrichment

Updated: 2026-05-01T13:59:30.788Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T22:16:26.467

Modified: 2026-05-11T17:04:58.980

Link: CVE-2026-6543

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T11:00:06Z

Weaknesses