CVE 9.8 CRITICAL

Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution_CVE-2026-7524

May 27, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

AI Analysis

Path traversal vulnerability allowing unauthorized file system access and potential remote code execution

Basic Information

ID CVE-2026-7524

Source ibm

Published May 27, 2026 at 13:14

Affected Product

Vendor IBM

Product Langflow OSS

Version 1.0.0-1.9.1

Affected Versions IBM Langflow OSS 1.0.0

CWE Classification

CWE-22

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor IBM

Product Langflow OSS

Version 1.0.0-1.9.1

References

www.ibm.com /support/pages/node/7273426

{
    "lastseen": "",
    "description": "IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.",
    "published": "2026-05-27T13:14:23.238Z",
    "modified": "2026-05-27T13:14:23.238Z",
    "type": "cve",
    "title": "Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7273426",
    "id": "CVE-2026-7524",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "IBM Langflow OSS 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Langflow OSS",
    "version": "1.0.0-1.9.1",
    "vendor": "IBM",
    "ai_description": "Path traversal vulnerability allowing unauthorized file system access and potential remote code execution",
    "ai_severity": "Critical",
    "ai_vendor": "IBM",
    "ai_product": "Langflow OSS",
    "ai_version": "1.0.0-1.9.1",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply