Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

AI Analysis

Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

Basic Information

ID CVE-2026-6543

Source ibm

Published Apr 30, 2026 at 21:11

Affected Product

Vendor IBM

Product Langflow Desktop

Version 1.0.0

Affected Versions IBM Langflow Desktop 1.0.0

CWE Classification

CWE-94

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor IBM

Product Langflow Desktop

Version 1.0.0-1.8.4

References

www.ibm.com /support/pages/node/7271092

{
    "lastseen": "",
    "description": "IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.",
    "published": "2026-04-30T21:11:54.483Z",
    "modified": "2026-04-30T21:11:54.483Z",
    "type": "cve",
    "title": "Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7271092",
    "id": "CVE-2026-6543",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "IBM Langflow Desktop 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Langflow Desktop",
    "version": "1.0.0",
    "vendor": "IBM",
    "ai_description": "Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint",
    "ai_severity": "High",
    "ai_vendor": "IBM",
    "ai_product": "Langflow Desktop",
    "ai_version": "1.0.0-1.8.4",
    "ai_score": 8.8
}

Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint_CVE-2026-6543