CVE 9.8 CRITICAL

Flow Validation Bypass via Empty Component Type Field_CVE-2026-7803

9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.

AI Analysis

Arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields

Basic Information

ID CVE-2026-7803
Source ibm
Published Jun 30, 2026 at 19:15
Modified Jun 30, 2026 at 19:54

Affected Product

Vendor IBM
Product Langflow OSS
Version 1.0.0
Affected Versions IBM Langflow OSS 1.0.0

CWE Classification

AI Assessment

AI Score 9.8 / 10
AI Severity Critical
Vendor IBM
Product Langflow OSS
Version 1.0.0-1.10.0

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.